Privacy policy.

Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere. The responsible and legally compliant handling of personal data is a key concern to cablex AG, Tannackerstrasse 7, 3073 Gümligen (hereinafter referred to as "cablex" or "we").  

This Privacy Policy ("Policy") describes how we process your personal data. The Policy shall apply and be a component of the contract if it is listed in the contractual document as a component of the contract or referred to in the applicable General Terms and Conditions (T&Cs). Should conflicts arise between this Policy and the T&Cs, the provisions of this Policy shall take precedence.  

¹ This Privacy Policy includes information on the following: 

• which personal data we collect and process;
• the purposes for which we use your personal data;
• who has access to your personal data; 
• the benefits of our data processing for you;
• how long we process your personal data for;
• the rights you have with regard to your personal data; and 
• how you can contact us. 

² We have aligned this Privacy Policy with the Swiss Data Protection Act and the European General Data Protection Regulation – GDPR for short. The GDPR has become established globally established as a benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual circumstance. 

Who is responsible for data processing? 

¹ The entity with responsibility for a specific instance of data processing under data protection law is the organisation that determines whether the processing should take place, the purposes for which it takes place and how this is done. cablex is responsible for data processing according to this Privacy Policy.  

² We may also be jointly responsible with other Swisscom Group companies for specific data processing, should they be involved in deciding on the form or purposes of the relevant data processing. Information on companies belonging to the Swisscom Group can be found in the latest applicable Swisscom AG business report. 

1. For whom and for what purpose is this Privacy Policy intended?

¹ This Privacy Policy applies to all persons whose data we process (each referred to as "you"), regardless of how you contact us, e.g. on the website, by telephone, via a social network, at an event, etc. It is applicable to the processing of personal data that has already been collected as well as personal data that will be collected in the future. 

² Our data processing may affect the following categories of individuals in particular, insofar as we process personal data in this context: 

• visitors to our websites;
• other people who use services from us or who come into contact with offers from us;
• people who write to or otherwise make contact with us;
• contacts from our suppliers, customers and other business partners as well as from organisations and authorities; and
• job applicants. 

³ Please also consult the contractual conditions for individual services (e.g. General Terms and Conditions, Terms of Use). These may include additional information on our data processing. For information on the collection and processing of personal data when using our website and social media presences, in particular in connection with cookies and similar technologies, please also consult our cookie information.

2. Which personal data do we process?

¹ "Personal data" is information that can be linked to a specific person. We process different categories of such personal data. You will find the most important categories as a guide below. However, in individual cases, we may also process additional personal data. 

² You can find out more about the origin of this data in No. 5 and the purposes for which we use said data in No. 6. 

2.1 Contractual and master data.

¹ Personal details 

• such as date of birth, gender, nationality, language, family status and, where contractually relevant, details on relatives and people close to you 

² Contact and identification data

• such as name, title, address, email address, telephone number, customer number and copy and number of official identification documents; login data such as username and password 

³ Communications to cablex  

• such as content and data that are exchanged when you contact us or that are noted by our contacts or that you share with us in customer surveys

⁴ Contractual data 

• such as contract type, start, term and content 

2.2 Technical data.

¹ If you use our website or other electronic services, we collect certain technical data, such as your IP address or a device ID. The technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identifier (an ID) to your end device (tablet, PC, smartphone, etc.), e.g. using cookies or similar technologies, so that we can recognise it again. You can find more details regarding this in our cookie information. 

² Technical data includes 

• the IP address of your device and other device IDs (e.g. MAC address);
• identifiers assigned to your device by cookies and similar technologies (e.g. pixel tags);
• details about your device and its configuration, e.g. operating system or language settings;
• details of the browser you use to access the service and its configuration;
• information on your movements and actions on our websites;
• details on your internet service provider;
• system recordings of access and other processes (log data). 

³ Please also note our cookie information with regard to the processing of technical data. 

2.3 Image and sound recordings.

¹ We make photos, videos and sound recordings in which you may appear, e.g. when you attend an event or when you are in contact with our customer service. We also make video recordings on our premises for security and evidence purposes. The use of video surveillance systems is locally limited and indicated. 

² Image and sound recordings include, for instance: 

• video surveillance system recordings;
  photos, videos and sound recordings from customer and public events (e.g. marketing, sponsoring, culture and sporting events);
  photos, videos and sound recordings of courses, presentations, training courses, etc.; 

3. Where does your personal data come from?

3.1 Data provided.

¹ You frequently disclose personal data to us yourself, e.g. when you send us data or communicate with us. In particular, you usually provide us with master, contractual and communication data yourself.  

² For instance, you supply us with your personal data in the following circumstances: 

• You send us application documents;
• You contact us via the website or another channel;

³ The provision of personal data is usually voluntary, i.e. you are usually not obliged to disclose personal data to us. However, we must collect and process the personal data that is necessary for the implementation of a contractual relationship and for the fulfilment of associated obligations or that is required by law, e.g. mandatory master and contract data. Otherwise we cannot conclude or continue the relevant contract. 

⁴ If you provide us with data regarding other people (e.g. family members, tenants), we assume that you are authorised to do so and that the data is accurate. Please also ensure that these other people have been informed of this Privacy Policy. 

3.2 Data collected.

¹ We may also collect your personal data ourselves or automatically, e.g. when you use our services. This frequently involves technical data (e.g. the date and time at which you access our website or use applications). 

² We collect personal data regarding you independently in the following circumstances, for instance: 

• You visit one of our websites or use one of our applications;
• We receive an order to make clarifications regarding the fibre optic network or mobile phone antennae;

3.3 Data obtained.

¹ We may also obtain personal data from the Swisscom Group. You can find more details on this under No. 7. However, we may also obtain details regarding you from other third parties, e.g. from companies we work with, from people who communicate with us or from public sources. 

² We may obtain details about you from the following third parties, for instance: 

• from your employer and work colleagues in conjunction with an application and their professional positions;
• from third parties, when correspondence and discussions concern you;
• from people around you (relatives, legal representatives etc.), e.g. your address for deliveries, references or powers of attorney;
• from credit rating agencies, e.g. when we obtain credit reports;
• from Swiss Post and address dealers, e.g. for address updates;
• from banks, insurance companies, sales and other contractual partners in the event of purchases and payments;
• from authorities, parties and other third parties in conjunction with official and judicial proceedings;

4. For which purposes do we process personal data?

4.1 Communication.

¹ We would like to stay in contact with you and address your specific concerns. We therefore process personal data for the purposes of communicating with you, for instance, to respond to enquiries and for customer care purposes. For this purpose we use in particular master data and, insofar as the communication relates to a contract, contractual data, too. We may also personalise the content and the delivery time of messages based on contractual and master data or technical data. 

² The purposes of communication include, in particular: 

• responding to enquiries;
• making contact with you in the event of queries;
• customer service and customer care;
• authentication, e.g. when using our applications;
• all other processing purposes, providing we communicate with you for them (e.g. contract implementation).

4.2 Contract implementation.

¹ We would like to offer you the best possible service. We therefore process personal data in conjunction with the initiation, management and implementation of contractual relationships, e.g. for the purposes of providing a service. Contract implementation may also include any agreed personalisation of services, where applicable. For this purpose, we use master data, contractual data and communication data in particular. 

² The purpose of contract implementation generally includes everything that is required or appropriate to conclude, perform and, where applicable, enforce a contract.  

³ This includes processing for the following purposes: 

• to decide whether and how (e.g. with which payment options) we enter into a contract with you (including the credit check);
• to provide contractually agreed deliverables, e.g. provision of services;
• to provide customer services and survey customer satisfaction;
• to bill for our services and for general accounting purposes;
• to plan and prepare for the provision of our services, e.g. planning the deployment of our employees;
• to verify the suitability of job applicants and, where applicable, to prepare and conclude employment contracts;
• to check whether we are willing and able to work with an organisation, and to monitor and assess its services;
• to enforce legal claims from contracts (debt collection, legal proceedings, etc.);
• to manage and administer our IT and other resources;
• to store data in the context of retention obligations;
• to terminate and end contracts.

4.3 Security.

¹ We wish to ensure your and our security and prevent abuses. We therefore also process personal data for security purposes, to ensure IT security and for evidence purposes. This may affect all personal data categories mentioned in No. 3, particularly also technical data. We may record, evaluate and store this data for the purposes mentioned. 

² The purposes of security include, for instance: 

• the evaluation of system recordings of the use of our systems (log data);
• preventing, defending against and resolving cyberattacks and malware attacks;
• analysis and testing of our networks and IT infrastructure and system and error checks;
• monitoring access to electronic systems (e.g. logins to user accounts);
• physical access monitoring (e.g. entry to office spaces);
• documentation purposes and the creation of backup copies. 

4.4 Compliance with legal requirements.

¹ We would like to create the conditions for compliance with legal requirements. We therefore also process personal data in order to comply with legal obligations and to prevent and detect breaches. This includes, for instance, the receipt and processing of complaints and other reports, compliance with orders of a court or an authority, and measures for the detection and clarification of abuses. This may concern all personal data categories mentioned in No. 3. 

² Compliance with legal requirements includes, in particular: 

• the implementation of health and safety concepts;
• clarifications regarding business partners;
• the receipt and processing of complaints and other reports;
• the performance of internal investigations;
• ensuring compliance and risk management;
• the disclosure of information and documents to authorities if we have an objective reason to do so (e.g. because we ourselves are the injured party) or are legally obliged to do so;
• collaboration with external investigations, e.g. by a law enforcement or regulatory authority;
• ensuring legally required data security;
• the fulfilment of disclosure, information or reporting obligations, e.g. in conjunction with regulatory requirements and obligations under fiscal law, e.g. regarding archiving obligations and for the prevention, detection and clarification of criminal acts and other violations; 

³ In all cases, this may involve Swiss law, but also foreign regulations to which we are subject, as well as self-regulation, industry and other standards, our own corporate governance or official instructions. 

4.5 Legal protection.

¹ We would like to be able to enforce our claims and defend ourselves against claims by others. We therefore also process personal data for the purposes of legal protection, e.g. to enforce claims in court, pre-court or out of court and before authorities in Switzerland and abroad or to defend ourselves against claims. Depending on the situation, we process different personal data, e.g. contact details and information about processes that have given rise to or could give rise to a dispute. 

² The purpose of legal protection includes, in particular: 

• the clarification and enforcement of our claims, which may also include claims from companies affiliated with us and our contractual and business partners;
• defending against claims against us, our employees, companies affiliated with us and against our contractual and business partners;
• the clarification of litigation prospects and other legal, economic and other queries;
• participation in proceedings before courts and authorities in Switzerland and abroad. For instance, we may secure evidence, have the prospects of litigation clarified or submit documents to an authority. It may also be that authorities ask us to disclose documents and data carriers that contain personal data.
   

5. What are the legal bases for our processing of personal data? 

¹ Depending on the purpose of data processing, we process personal data on various legal bases. We may therefore process personal data, in particular, if the processing: 

• is required for the fulfilment of a contract with the subject or for precontractual measures (e.g. the examination of a contract application);
• is required for the protection of legitimate interests, for instance, if data processing is a central part of our business activity;
• is based on consent;
• is required for compliance with legal provisions in Switzerland and abroad.

² In particular, we have a legitimate interest in processing for the purposes described above in No. 3 and in the disclosure of data in accordance with No. 7 and the associated objectives. Legitimate interests include our own interests and those of third parties. 

³ These legitimate interests include, for instance, the interest in 

• good customer care, maintaining contacts and communicating with customers, including outside of a contract;
• improving products and services and developing new ones;
• ensuring IT security, especially in connection with the use of websites and other IT infrastructure;
• safeguarding and organising business operations, including the operation and further development of websites and other systems;
• the enforcement or defence of legal claims;
• compliance with Swiss and foreign law as well as internal rules.

6. To whom do we disclose personal data?

6.1 Within the Swisscom Group.

¹ We may disclose personal data that we obtain from you or third-party sources to other Swisscom Group companies. Disclosure may serve the purposes of internal group administration or assisting the group companies concerned and their own processing purposes (No. 5), for instance, when we assist in the development and improvement of services. If necessary, the personal data obtained may also be compared and linked with existing personal data by the companies concerned, where applicable.  

² This may involve, for instance, the following disclosures of data: 

• All personal data categories mentioned in No. 3 for the management and implementation of contractual relationships, in particular in connection with products and services that include the performance of multiple group companies;
• Master data, contractual data, communication data for fraud and abuse prevention and for credit checks (e.g. in connection with a purchase on account);
• Security-related information for security purposes and compliance with legal requirements;
• Information on assistance with legal protection.  

³ You can find more information on companies belonging to the Swisscom Group in No. 2. 

6.2 Outside the Swisscom Group.

¹ We may disclose your personal data to companies outside the Swisscom Group if we make use of their services. These service providers usually process personal data on our behalf as "contractual processors". Our contractual processors are obliged to process personal data exclusively according to our instructions and to take suitable data security measures. Through the selection of service providers and suitable contractual agreements, we ensure that data protection is ensured throughout the entire processing of your personal data. 

² This involves services in the following areas, for instance: 

• IT services, such as services in the fields of data storage (hosting), cloud services, email newsletter delivery, data analysis and enhancement, etc.;
• consulting services, e.g. services provided by tax advisers, lawyers, business consultants or consultants in the personnel recruitment and employment sector. 

³ We may also pass on personal data to other third parties for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to pass it on. In these circumstances, the recipient of the data is themselves a data controller under data protection law. 

⁴ This includes the following circumstances, for instance: 

• the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to law enforcement authorities in the event of suspicion of criminal behaviour;
• the processing of personal data in order to comply with a court or official order or to assert or defend against legal claims, or if we deem it necessary for other legal reasons. We may also disclose personal data to other parties involved in the proceedings.

⁵ We use cookies to personalise content and ads, to be able to offer functions for social media, and to analyse access to our website. We also disclose information on your use of our website to our partners for social media, advertising and analytics. Our partners may combine this information with other data that you have supplied to them or they have collected in the course of your use of services. 

• Cookies are small text files used by websites to make the user experience more efficient.
• According to the law, we may store cookies on your device if these are absolutely essential for the operation of this site. We require your permission for all other types of cookie.
• This page uses various types of cookies. Some cookies are placed by third parties that appear on our sites. You can view these when you click the link "Change your consent" below.
• Please state your consent ID and the date if you contact us with regard to your consent to the cookie policy.

You can change or revoke your consent at any time.

7. How do we disclose your personal data abroad? 

¹ Your data may also be processed abroad, in particular if we involve service providers and sales partners for the fulfilment of our services, for the provision and maintenance of our products, and for sales and marketing. In principle, it is feasible that your data may be processed worldwide. However, processing of such data shall take place in countries in the European Economic Area and the US in particular.  

• Data exchanged via the internet may also make its way abroad, even if both the sender and recipient are located in Switzerland.
• Applications may be run on cloud platforms to ensure their smooth operation. In some circumstances, cloud providers may be able to view your data from abroad and under foreign law.

8. How do we process particularly sensitive personal data? 

¹ Under data protection law, certain types of personal data are deemed "particularly sensitive", such as details regarding health and biometric characteristics. Depending on the situation, the personal data categories mentioned in No. 3 may also include such particularly sensitive personal data. However, we usually only process particularly sensitive personal data if this is required to provide a service, you have disclosed this data to us of your own accord, or you have consented to the processing. We may also process particularly sensitive personal data if this is required for legal protection or compliance with Swiss or overseas legal provisions, the relevant data appears to have been made public by the subject, or applicable law otherwise permits its processing. 

² We may process particularly sensitive personal data in the following circumstances, for instance: 

• You apply for a vacancy and in doing so give details regarding your health, membership of a trade union or prior criminal convictions and criminal sanctions.

9. How do we protect personal data?

¹ To protect your data against unauthorised or unlawful processing and secure it against loss, unintentional modification, unwanted disclosure or unauthorised access, we shall take technical and organisational measures, such as 

• the encryption and pseudonymisation of certain data
• the creation of backup copies
• the recording of access and implementation of technical access restrictions
• the issuing of binding instructions for data processing to our employees
• the conclusion of protection and confidentiality obligations with our service providers and corresponding checks. 

10. How long do we process personal data for?

¹ We use and store your data only for as long as is necessary or technically required to achieve the purposes, to comply with legal retention periods and our legitimate interests regarding documentation. It will then be erased or anonymised. 

² The following examples are included:  

• For the fulfilment of our financial reporting and retention obligations, we shall keep documents such as your invoices, including after payment, usually for 10 years.
• If there are still outstanding claims or there is suspicion of abuse, we shall keep your orders, cancellations or instructions to us for as long as necessary to enforce legal claims even after the contracts have ended.
• If certain data cannot be separated from other data, it shall be stored until the entire data set is erased (e.g. by overwriting backup copies).
• Application documents are deleted after no more than 6 months or, in the event of consent, after a maximum of 2 years.

11. What are your rights with regard to your personal data?

¹ You have the right to obtain information about your personal data processed by us in writing and free of charge at any time. You may send us your request for information in writing, enclosing a copy of your identity card or passport, to our postal address.  

² In addition, you have the right to request the rectification of incorrect personal data. You also have the right to have your personal data erased, unless we are required or entitled to keep some of your personal data under applicable laws and regulations.  

12. Legal bases and right to lodge a complaint.

¹ Depending on purpose, the use of your data has the following legal bases: Necessity for the conclusion or implementation of a contract, for the fulfilment of legal obligations or on the basis of a legitimate interest. We have a legitimate interest in particular in the use of the relevant data types for the stated purposes. This includes the provision of third-party services to you, the development and improvement of our products, the submission of offers and traffic flow analysis based on anonymised data. We also have a legitimate interest in passing on the data to the stated recipients in each case. If your rights are violated, you may either assert them by taking legal action at a competent court or submit a complaint to the competent data protection authority.

• Point of contact for data protection authorities in Switzerland: Federal Data Protection and Information Commissioner
• Points of contact for data protection authorities in the European Economic Area

13. How to contact us.  

If you have any queries or concerns, you can contact us as follows:   

• Contact form 
• Email: Datenschutz.cablex@cablex.ch 
• Post: cablex AG, Tannackerstrasse 7; 3073 Gümligen, Switzerland  

14. How may we change this Policy?  

¹ We reserve the right to amend this Policy at any time. The version published on our website shall apply.  

Last updated: August 2023.