Privacy statements on the internet
Swiss companies must have a transparent data processing policy by writing a privacy statement that is comprehensible to users and displaying it on their website.
Swiss companies must have a transparent data processing policy by writing a privacy statement that is comprehensible to users and displaying it on their website.
Privacy statements should inform the users of a website about the personal data that are collected and purposes for which the data are processed. In addition, it should be clear whether and which data is passed on to third parties. The privacy statement specifies the duties of the data controllers to provide information in accordance with Article 19 FADP. Users must thus be informed adequately and comprehensibly in order to be able to decide freely whether and how they want their data to be processed. In addition, users must have the information that they need to assert their rights. The statement must therefore be drafted with the necessary care and accuracy and be worded in a way that the target group can understand. If a company's website is provided in several languages, the privacy statement must also be provided in these languages. Transparent information about the company's data processing policy is also essential in order to gain the trust of the users.
Before starting to draft a privacy statement, the company's data needs must be ascertained, the current data processing operations analysed and clear guidelines issued on the handling of personal data. The privacy statement should then be written based on this information. The statement must take into account the provisions of the Data Protection Act and be consistent with the company's current data processing policy. General formulations such as 'under certain circumstances we may process your data in such or such a way' should be avoided.
We recommend that you do not start writing the privacy statement until at least the following questions have been answered:
For further information on the use of web analysis tools, such as tracking using cookies or the integration of social plugins, please see our web page on tracking.
The statement should provide the following information to the users:
The privacy statement should be written for the target audience. We recommend using several levels. The initial level accessed should provide concise and easy-to-understand information, e.g. key words, and provide an overview of the essential aspects of the data processing so that users can easily and quickly understand what data relating to them are being collected and how the data are used. Users should then be given a link to access the detailed privacy statement. You can also link the keywords in the overview directly to the relevant passages in the detailed privacy statement. If necessary, more in-depth and detailed information for experts could then be offered at a third level.
If a website targets an international audience, you must also check whether international regulations require further information.
Finally, the statement must be placed on the website in such a way that it is easily accessible to users from any page.
Last modification 23.07.2024