Questions on data protection

You can find the answer to this question here:

You can find the answer to this question here:

You can find the answer to this question here:

You have a right to information from the data controller based on Art. 25 DPA. The controller must provide you with the available information about the origin of the personal data. If a controller refuses to provide information, you can assert your claim before the civil court. You can find further information here.

You can find the answer to your question here:

This is permissible under certain conditions. You can find more information here:

This is permissible under certain conditions. You can find more information here:

You can find the answer to this question here:

You can find the answer to this question here:

You can find the answer to this question here:

You can find the answer to this question here:

You can find the answer to this question here:

Data protection law does not protect data as such, but rather the persons about whom data is processed.

It contains legal norms that serve the protection of personality and informational self-determination and regulate the processing of personal data carried out by federal authorities or private individuals or legal entities (e.g. associations or commercial enterprises). 

The central data protection law enactment at the federal level is the Federal Data Protection Act, but there are also data protection provisions in many other federal laws that must be observed, e.g. in federal social security or police law.

You can also find introductory information on data protection in the FAQ of the Federal Office of Justice (in German, French, Italian)

Personal data is all information that relates to an identified or identifiable natural person. 

Information that relates to legal persons (e.g. to a company in the legal form of a stock corporation) is no longer covered. However, their protection continues to be guaranteed by other provisions of the legal system, e.g. the Civil Code and the Federal Constitution.

You can also find introductory information 

For private data controllers (companies, associations, SMEs...), the appointment of a data protection officer is voluntary. 

No, the function of data protection officer can also be performed by several people in the company or by a legal entity. However, the requirements of Art. 10 FADP must be met, in particular it must be a viable point of contact.

The penal provisions are primarily aimed at the actions (and omissions) of the persons in charge. A data protection advisor's primary task is to control and monitor the data processing processes of her organization. However, she should not have decision-making authority over these processes, nor should she be responsible for an information system. In other words, she is neither the one who decides on data processing nor the one who carries it out. Under these conditions - provided they are strictly observed - it is not a priori exposed to the risk of criminal prosecution. Moreover, it should be emphasized that the FADP only criminalizes intentional violations - as opposed to negligence.

However, the FDPIC points out that it is not a prosecuting authority itself and therefore it will not be its task to decide this issue in a practical case.

Further information on the criminal law aspects of the FADP:

You can find information about this here:

Art. 22 para. 1 FADP makes specifications in this regard. Further information can be found here:

Art. 23 para. 1 FADP makes specifications in this regard. Further information can be found here :

If you use standard contractual clauses recognized by the FDPIC, e.g. those of the EU Commission (Implementing Decision (EU) 2021/914), you do not have to notify the FDPIC. If you wish to use your own or previously unrecognized standard contractual clauses, these must be approved in advance by the FDPIC. The decision on approval is issued in an appealable ruling; no transfer abroad may take place beforehand.

Ja, der EDÖB hat die Standardvertragsklauseln der Europäischen Kommission (Durchführungsbeschluss (EU) 2021/914 der Kommission vom 4. Juni 2021 über Standardvertragsklauseln für die Übermittlung personenbezogener Daten an Drittländer gemäß der Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates) in seiner Mitteilung vom 27.08.2021 anerkannt.

The list can be found in Appendix 1 

Processing regulations - not to be confused with the processing directory - must be drawn up by private data processors if they carry out automated processing of personal data requiring special protection on a large scale or carry out high-risk profiling.

The regulations (in the form of a manual or as documentation) provide information on the internal organization, e.g. description of the system architecture; on the data processing procedures, in particular data disclosure and the exercise of information rights; on the control procedures (authorizations) and on the technical and organizational data security measures.

As photographs of employees may reveal information about their religion, race or a physical disability, and usually serve no practical purpose, they may only be published on the internet or intranet with the data subject's consent. The same applies to photos of events, such as Christmas parties or company excursions. In principle, it should be evaluated beforehand whether publishing the staff photographs is really necessary in the specific case.

Staff appraisals are relevant in the workplace and can be stored in an HR file, both during an employment relationship and after it has ended. The processing and storage of the appraisal is particularly in employees' interest as they are entitled to a final reference until expiry of the limitation period. The limitation period is usually considered to be ten years (Article 127 Swiss Code of Obligations, CO). This means that employees can contest a reference before the courts up to ten years after it is issued. When drawing up an employment reference, usually only the last two employee appraisals are considered. Earlier appraisals should be regularly removed from the HR file and destroyed.

In its standard dealings, the HR department does not usually need all appraisal documents (such as the personality profile). For salary management reasons, however, it is entitled to consult the outcome of an employee appraisal. In addition, in exceptional cases and on the basis of specific obligations, it can use other information from the performance review meeting if this is necessary for organisational reasons.

Accordingly, employee appraisals must generally be stored in a sealed envelope in the HR file.
In terms of computerised management of employee appraisals, it is advisable to encrypt electronic performance review forms when sending and in the corresponding database.

Yes. An employer can, for example, issue a directive saying that employees can only use the phone and/or email for work purposes. Restrictions can be placed on private browsing by blocking unwanted websites (e.g. stock market or porn sites), or by setting a time from which private internet use is allowed (e.g. during breaks or after 6pm).

They can primarily do so using technical safeguards. While they do not provide absolute security, such technical safeguards can reduce the risks associated with internet and email use.

Through the use of safeguards, employers should be able to prevent potential risks to the security and functioning of their electronic systems at an early stage. The preventive effect of safeguards should largely replace the use of repressive methods such as surveillance. The most important technical safeguards include password and access protection, antivirus and disk quota managers, backups and firewalls. In addition, the latest versions of browsers and mail programs should be installed and configured securely, and should be regularly updated.

Employers cannot read the content of emails marked or identifiable as private even if the private use of email is prohibited according to the regulations for use. It can monitor compliance with the ban on private use, but only on the basis of addresses. The systematic monitoring of emails using spy programs (content scanners) is not permitted.

However, employers are entitled to carry out performance and business controls. The systematic analysis of work email that is not expressly marked as private must be justified and proportionate, and employees must be notified in advance.

Various elements may indicate that a letter or parcel is private: they may be expressly marked as 'private' or 'confidential' or they may be identifiable as such based on the way they are addressed. However, putting the person's name before the company name on a letter is not enough to designate it as private; it must be explicitly marked as such (e.g. with the words 'private', 'confidential' or 'c/o'). If external characteristics suggest that the letter is of a private nature (e.g. colour or format), it should be forwarded unopened to the addressee. If in doubt, do not open the letter but forward it, possibly with a corresponding note.

With emails it is usually more difficult to determine whether the message is private. Here, too, the following rule applies: if in doubt, do not read as private mail enjoys unlimited protection (postal secrecy). Instead, flag the problem to the recipient and ask them whether the mail in question is private or not.

When an employee leaves a company, they must be given the opportunity to take all private messages from their inbox with them (as well as all other personal data). The work emails that are still needed or are still in progress should be forwarded to the deputy or line manager. At the end of the employee's last working day, their inbox should be emptied and blocked.

In the event of a foreseeable absence, the employee in question can set an out-of-office reply. An automated forwarding rule may also be defined, which transmits every incoming message to the deputy. However, this measure is problematic for two reasons: first, because it is not easy to ensure that private messages will not also be forwarded; and second because the sender has no way of preventing the message being forwarded. An out-of-office reply containing the email address of the deputy is therefore a better idea. This leaves it up to the sender to decide whether or not to email the deputy.

In addition, it is worth considering the creation of a functional non-personalised email address (salesmanagement@firma.ch) in addition to a personalised email address (hans.meier@firma.ch). This solution offers a number of advantages: on the one hand, it is immediately obvious that an email sent to this address is a work message; on the other, staff changes will not have a negative impact on email traffic if a certain person leaves the company as long as their role still exists.

The secretariat can open business mail. However, private mail that an employee receives at their workplace enjoys unlimited protection. Of course, this means that it must be immediately obvious that the letter or parcel is of a private nature.Various elements may indicate that a letter or parcel is private: they may be expressly marked as 'private' or 'confidential', or it may be clear from the way they are addressed (Hans Meier, c/o Firma AG). In any case, putting the person's name before the company name on a letter is not enough to designate it as private. It must be explicitly marked as such (e.g. personal, confidential, c/o). If external characteristics suggest that the letter is of a private nature (e.g. colour or format), it should be forwarded unopened to the addressee. If in doubt, do not open and forward instead, possibly with a corresponding note.

The content of phone calls may only be recorded for performance monitoring or for security reasons, and in such cases, only if the persons whose calls are being recorded have given their consent and have been informed in a clear and timely manner. There are other ways of enforcing a ban on private calls rather than monitoring phone calls (e.g. by routing outside lines via a central switchboard, or only allowing such calls to be made on certain lines).

Surveillance and control systems may not be deployed for the purpose of monitoring employee behaviour in the workplace. If surveillance or control systems are required for other reasons (production management or security controls), they must be designed and organised so as not to affect employees' health and freedom to move around freely.

The question of whether to retain or delete personal data in an employee file that are no longer required raises various issues and uncertainties for employers. From a data protection perspective, the principle of proportionality is particularly important. 

Under Article 328b of the Code of Obligations (CO), the only processing of personal data that is permitted is processing that relates to the employee's suitability for the job or that is necessary for the performance of the employment contract (the data must be work-related). This provision emphasises the general principles of data processing related to employment, in particular that processing must be proportionate and have a specific purpose (Art. 6 para. 2 and 3 FADP).

The criterion of relevance to the job set out in the CO and the data protection principles of proportionality and purpose limitation have the same objective: the employer must only process personal data that is genuinely needed, which also means that personal data must be deleted if it is not (or no longer) needed or the purpose of the data processing has been fulfilled. 

Retention period

The duration of storage that is permitted, i.e. how long the storage of personal data remains proportionate and necessary for the employer-employee relationship, must also be assessed in the light of the employer's obligations under civil and commercial law. The FADP itself does not specify a retention period, but sets out general principles for the processing of personal data. The retention period must be defined individually for each category of data. 

Before employment begins or during the application process, the only personal data of the applicants that may be processed are the data relating to their suitability for the job. When applicants are unsuccessful, employers may retain the application data for up to three months after rejecting their application in order to be able to defend or justify themselves in the event of a claim based on a discriminatory refusal of employment in terms of the Gender Equality Act (Art. 8 para. 2 in conjunction with Art. 5 para. 2 GEA). A further extension of the retention period for a few weeks may also be justified if there is a delay in the court serving the statement of claim on the defendant employer. 

During and after the end of the employer-employee relationship, the employer's various obligations must be taken into account; these depend on the employer's field of activity. 

Firstly, employers are required under employment law to retain various data for certain periods; these include: 

• a retention period of 5 years for personal data required to fulfil the obligation to pay a salary, such as data on working hours, sickness absences, holidays, etc. (Art. 322 CO in conjunction with Art. 128 CO); 
• a retention period of 10 years for the personal data required to issue an employment reference (Art. 330a CO in conjunction with Art. 127 CO).

In addition, employers normally have various general documentation and retention obligations, in particular:

• a retention period of 10 years for the personal data required in connection with the obligation to keep accounts (Art. 958f CO), in particular business books, accounting vouchers, business and audit reports;
• a retention obligation under tax law of 10 years for the documents to be retained for this purpose (Art. 126 para. 3 Direct Federal Taxation Act (DFTA)). 

Furthermore, other retention periods may result from various sector-specific obligations, such as reporting, disclosure or information duties (under the Anti-Money Laundering Act, Banking Act, etc.). 

Method of storage

The Data Protection Act also does not mention any specifics with regard to the method of storage (in paper or digital form), although certain requirements may be stipulated in other legislation. Under tax law, for example, original receipts may be requested (see Art. 126 para. 2 DFTA). 

With regard to the obligations under civil and commercial law, it is up to the employer to decide which form of retention is best (for example, there may be an issue as to the probative value in employment law proceedings of documents that are only stored digitally). Here, however, the decision is not based on data protection law, but on contractual and procedural considerations. 

From the perspective of data protection law, data controllers must ensure that the principles of data protection law are complied with and that the rights of data subjects (e.g. of access, rectification and erasure) can be guaranteed. If an (exclusively) digital format is chosen for employee files, special attention must be paid to data security and appropriate technical and organisational measures must be taken to protect data on employees from unauthorised access (for example by hacking).

The GDPR does not apply directly in Switzerland. However, it could specifically apply to Swiss companies if, among other things, they process data of EU residents in order to offer goods or services in the EU, or if the data is used to monitor the behavior of individuals, e.g., analyzing the data of website visitors or app users from the EU. We have published a detailed document on the GDPR and its impact on Switzerland. You can find it under this link:

Swiss companies are primarily subject to Swiss law and should therefore comply with the FADP.

Yes. Data protection law also applies to all medical records kept by private doctors and private clinics. Hospitals that are considered federal bodies under the FADP are also subject to the federal data protection legislation (e.g. the SUVA clinic in Bellikon). For medical records that are kept by hospitals with a cantonal mandate (e.g. cantonal hospitals), the relevant cantonal data protection law applies.

Yes. The medical record constitutes a data file as set out in the Data Protection Act. On the basis of the right to information under data protection law, you can request information about your data at any time. To do so, you need to submit a request in writing and present proof of identity (enclose a copy of an official identity document). Your doctor or hospital must then provide you with copies of your complete medical record, or the requested sections of it. Medical records include all documents relating to your treatment, including X-rays, ECGs, reports and correspondence.

If both parties agree, the medical record can also be consulted at the hospital or medical practice. This may be particularly useful if the medical record is very extensive or if additional clarification is needed from the doctor (such as explanations of specialist terms).

The right to information can also be exercised for medical records that have already been archived.

Personal notes made by the doctor do not fall under the right to information. However, this only includes personal notes that the doctor makes exclusively for their own use, e.g. remarks or reminders. Notes that contain information that is necessary for treatment and are consulted and used by assistants belong to the medical record and are subject to the right to information.

The Federal Act on Data Protection does not give patients the right to obtain the original of their medical records. Whether this right can be derived from other legal provisions or from the contractual relationship between doctor and patient remains contentious.

Indeed, legislation in some cantons expressly requires the doctor to keep the original medical records. If this is the case, only copies can be provided to patients during the prescribed archiving period (usually ten years). The records may not be completely destroyed during this period. The law does not allow a patient to exempt a doctor from this obligation, even if the patient declares that they waive any claims for medical negligence or any other legal rights.

In principle, the information is free of charge. A contribution to costs may only be requested in exceptional cases, e.g. if the request is particularly laborious or time consuming. This means more than just copying, printing and sending documents. In any case, the contribution to costs may not exceed CHF 300. If a contribution is requested, it must be justified and the patient must be notified before the information is supplied, so that they can withdraw or alter their request for information if they wish (e.g. restrict it to a specific period or to specific documents).

No. The right to information may be exercised at any time without stating reasons. It is beneficial if you specify in your information request in what context you are requesting the information.

You can enforce your right to information before a court. If your case involves private doctors and private clinics, the claim needs to be taken to a civil court. You can file the claim either with the court at your place of residence, or with the court where your doctor or hospital is located. With regard to federal bodies, such as the SUVA Clinic Bellikon, the right to information is governed by the Administrative Procedure Act. For information requests involving cantonal hospitals, the cantonal legislation applies.

The Data Protection Act does not set out any specific retention periods. According to the principle of proportionality, data that is no longer required should be destroyed. As a rule of thumb, the general limitation period of ten years is applied. In individual cases, a shorter or longer retention period is possible. In some cantons, cantonal health legislation sets out specific retention periods.

A doctor can pass on patient data if the patient has given their consent, if their supervisory authority has released them from medical confidentiality, or if the disclosure of their data is provided for by law.

Yes. To pass on information to other doctors, the doctor must have obtained the patient's consent. This means, for example, that a doctor who is providing you with a second opinion cannot notify your attending doctor without your consent. The fact that the doctor receiving the information is bound by medical confidentiality is irrelevant. If the patient is being treated by a team of doctors, it can be assumed that there is implied consent for information to be shared within the team.

Yes. If employees are absent due to illness or accident, the employer can have them examined by the company physician (medical officer). Company medical officers are also bound by medical confidentiality. This also applies with regard to the employer. Medical officers may only inform the employer about their medical conclusions if they are essential to the employment relationship. Usually this is a statement about the employee's fitness for work (e.g. full/partial incapacity to work as a result of illness/accident and expected length of absence). The company medical officer may not, however, disclose medical data without the employee's consent. This particularly applies to the disclosure of diagnoses.

Yes. The medical examiner and their assistants are also bound by medical confidentiality. The medical examiner may only notify the responsible party in the health insurance administration of their conclusions so that they can make a decision regarding liability for a claim.

Employees of health insurance companies are also bound by the duty of confidentiality. For them, the statutory duty of confidentiality applies, which is set out in the general section of the Social Insurance Act. If an employee works directly for a medical examiner, they are deemed to be their assistant and are therefore bound by medical confidentiality.

No. Medical confidentiality requires doctors to keep confidential any information that becomes known to them in the exercise of their professional activity. Patient data may only be disclosed to third parties if the patient has released the doctor from their duty of confidentiality, or if it is permitted by law. This also applies with regard to the employer of a sick employee.

Yes, but only if it relates to compulsory basic health insurance and the debt collection proceedings have resulted in a certificate of loss. Cantonal provisions may stipulate that the notification can be made at an earlier stage.

Yes, but they must notify the patient and obtain their consent. This is because in order to generate the bills, the external medical administrators (Ärztekassen) have access to medical data which is subject to medical confidentiality.

Nowadays it is common in many medical and dental practices to get patients to complete a health questionnaire on a more or less regular basis (e.g. once a year or when registering at a new practice). These questionnaires sometimes ask for detailed information (e.g. personal details, employer, insurance, state of health).

Collecting this information is data processing and must therefore comply with the principles of the Federal Data Protection Act. These include the principle of proportionality, which means that only data that is actually required for the intended purpose may be collected.

As the details on the questionnaire are systematically collected from all patients, only information that the doctor/dentist needs for normal treatment may be requested. Patients are not obliged to answer questions they consider disproportionate. Ask your doctor to explain why individual questions (or the whole questionnaire) are needed.

The following principles apply to patient questionnaires:

• Completing the questionnaire is voluntary. This must be stated clearly and unequivocally on the questionnaire.
• Despite the fact that completing the questionnaire is voluntary, the principle of proportionality still applies, in other words the doctor/dentist can only ask for information that may in theory be relevant to treatment. The following are not necessary: employer, AHV/AVS no., partner's name/occupation, marital status and insurance details, as long as the bill is paid by the patient (frequently the case for dental bills).
• Generally-worded blanket consent clauses in which the patient releases the doctor/dentist in advance and without limitation from their medical confidentiality obligations are invalid. However, such patient questionnaires may include specifically-worded declarations of consent. Consent is needed, for example, to outsource billing to an external administrator. The same applies to consent for data disclosure for debt collection purposes (see FAQs on medical and premium invoices).

Please note that questions that are disproportionate on a questionnaire may be justified in individual cases. But in such cases, the doctor must be able to explain to the patient why the question is necessary.

For example, a patient's HIV status is not general information that a dentist needs as part of routine treatment. This question should therefore not be systematically asked of all patients.

In specific cases, however, the question regarding HIV status may be justified or even necessary. For instance, if a specific treatment entails a risk of infection for the dentist, or if the dentist needs to prescribe a certain medication which is not compatible with other medications (e.g. HIV drugs).

My doctor/physiotherapist/dentist, etc. has asked me to sign a declaration of consent. Why does he/she need this document?

In order to process our medical data for a course of treatment or a check-up, healthcare professionals generally require our express consent (Art. 6 para. 7 Data Protection Act (FADP)). At the same time, they also have a duty to provide their patients with information: under Article 19 FADP, they must inform patients in particular about the purpose of the data processing and about any intended disclosure of data (e.g. disclosure to another doctor, to a billing company, etc.).

As well as being subject to the provisions of the FADP, many healthcare professionals are bound by professional confidentiality in accordance with Article 321 of the Swiss Criminal Code: as a general rule, healthcare professionals may not pass on any information about a patient without that patient's consent. (You can find further information here: Patient data-disclosure)

Several organisations (including the Swiss Medical Association and the Ärztekasse/Caisse des Médecins) have prepared a model declaration of consent for their members and partners. These forms usually have a dual purpose. Firstly, they inform patients about the processing of their data, as required by Article 19 FADP. Secondly, they allow healthcare professional to obtain their patients' consent. It should be noted that, under the law, neither the information nor the consent need be given in writing: however, written consent is often preferred for reasons of documentation and proof. By signing the form, patients confirm that they have been informed and agree to their data being processed to the extent described.

The form must have a certain degree of precision: patients must be able to understand exactly what they are agreeing to. This applies in particular when it comes to professional confidentiality pursuant to Article 321 of the Swiss Criminal Code: if the form already provides for situations in which the healthcare professional plans to pass on the data to a third party (e.g. if the doctor plans to use a third party for billing), these situations must be described with sufficient precision so that the patient can recognise exactly what is intended.

In relation to professional confidentiality pursuant to Article 321 of the Swiss Criminal Code, it should be mentioned that in certain cases the law permits or obliges the professional to disclose data (e.g. notification of the child protection authority under Art. 314c Civil Code if a child appears to be at risk, or notification of the diagnosis of a communicable disease under Art. 12 of the Epidemics Act).

Patients are under no obligation to sign the form. They do not have to accept any clauses that they consider inappropriate, and can therefore delete them. However, it is important to realise that professionals require consent in order to carry out their work and that they have an understandable interest in having a written document that also proves that the information has been provided. Therefore, a refusal to sign or the deletion of certain clauses may result in healthcare professionals refusing treatment because of the legal uncertainty they may face. If certain elements of the form are unclear or seem excessive, or if questions remain unanswered, discuss this with the person who gave you the form.

No, they can't make you complete a health questionnaire. There is a requirement to take out insurance, which means that health insurers have to accept you, regardless of your age or state of health. And they cannot impose any restrictions or waiting periods.

On the other hand, if you apply for supplementary insurance, the insurance company is entitled to ask you questions about your state of health, impose restrictions or reject your application.

Medical examiners advise health insurance companies on medical matters and on issues to do with remuneration and the application of flat-rate amounts. In particular, they review the conditions of the health insurer's liability (i.e. they check whether the medical treatment has to be covered by the health insurance company). Only information that is necessary to make a decision on liability, to define the remuneration, or to justify a decision is passed on to the responsible parties at the health insurance company. In this way, medical examiners act like a filter and protect the privacy of insured persons.

The medical examiner is a statutory arrangement only in relation to compulsory health insurance. In others fields of insurance (invalidity insurance, accident insurance, military insurance, private insurance) we talk about medical officers or medical reviewers. These fields of insurance have their own rules regarding data disclosure.

No. In justified cases, doctors are entitled by law to disclose medical information to the health insurance company's medical examiner only, and are required to do so if the insured person requests them to.

You therefore have the option of requesting that your attending doctor only disclose health data to the medical examiner.

During the registration procedure, both public and private daily allowance insurance companies may request information about the state of health of employees or of the persons to be insured. However, insurance is bound by the principle of proportionality, which means that only the personal data that is necessary and specific to achieving the desired objective may be obtained. This also means that the health data should be passed on to the medical examiner or medical department of the relevant daily allowance insurer.

Acceptance on a public daily allowance insurance scheme is governed by the provisions of the Federal Health Insurance Act. In terms of data collection by a daily allowance insurer, it should be borne in mind that a restriction of up to five years may be imposed on insured persons. In addition, public daily allowance insurers – as opposed to private ones – are required to accept every applicant, regardless of their state of health.

No. This is because the health data should only be sent to the daily allowance insurer or its medical examiner or medical department. It is up to the daily allowance insurer alone to decide whether or not to accept someone.

In practice, application forms are often designed in such a way that employers as policyholders can access the employee's health data. These forms are not compatible with data protection legislation. In this area it is primarily up to the daily allowance insurer to organise the registration procedure so that the employer cannot access employees' health data.

Health data is mainly needed during the registration procedure and in any subsequent claims. Daily allowance insurers can then obtain health data about employees from third parties if there are grounds for justification as defined in the Data Protection Act.

The consent of the employee is a possible justification. Consent is necessary in particular if a daily allowance insurer wants to obtain information from a doctor, as doctors are bound by medical confidentiality under the Swiss Criminal Code. Furthermore, written consent is required by law if information needs to be obtained from a social insurance provider.

However, the consent clause is only valid if the employee is aware of the scope and consent of the consent (principle of transparency). This means that the consent form must clearly and unequivocally state what information can be obtained and from whom. The principle of transparency particularly applies to sensitive personal data such as health data. A 'blank authorisation' to release data is incompatible with data protection legislation.

Provided an employee fulfils the conditions for compulsory insurance under the OPA, the occupational pension fund is obliged to accept them. Health data can thus not be requested in order for an employee to join a compulsory insurance scheme.

If, however, the insurance benefits offered go beyond compulsory insurance, health questionnaires are generally permitted. In this case, the pension fund is not acting as a social insurer but as a private insurer. Nevertheless, the pension fund must comply with the principle of proportionality, according to which it can only demand the personal data that is necessary and specific to achieving the desired objective. Also, in accordance with this principle, the data must be addressed to the pension fund's medical examiner or medical department.

Acceptance on supplementary insurance schemes complies with the provisions of the Swiss Code of Obligations (CO), under which occupational benefits funds may make reservations on health grounds in relation to invalidity and life policies. Such reservations may be made for a maximum of five years. The statutory provisions of the CO must be considered when implementing the principle of proportionality.

No. This is because the health data should only be sent to the pension fund or its medical examiner or medical department. It is up to the pension fund alone to decide whether or not to accept someone onto a supplementary scheme.

In practice, application forms are often designed in such a way that employers as policyholders can access the employee's health data. These forms are not compatible with data protection legislation. In this area it is primarily up to pension funds to organise the registration procedure so that employers cannot access employees' health data.

Health data is mainly needed during the registration procedure and in any subsequent claims. Pension funds can then obtain health data about employees from third parties if there are grounds for justification as defined in the Data Protection Act. This is only permitted for supplementary insurance schemes, however.

Possible grounds for justification are the consent of the employee. Consent is necessary in particular if a pension fund wants to obtain information from a doctor, as doctors are bound by medical confidentiality under the Swiss Criminal Code. Furthermore, written consent is required by law if information needs to be obtained from a social insurance provider.

However, the consent clause is only valid if the employee is aware of the scope and extent of the consent (transparency principle). This means that the consent document must clearly and unequivocally state what information can be obtained and from whom. The transparency principle particularly applies to sensitive personal data, such as health data. A 'blank authorisation' to release data is incompatible with data protection legislation.

The obligation to keep records is stipulated in Art. 4 Ordinance to the Federal Act on Data Protection.

The privacy policy implements the duty to inform according to Art. 19 DSG. You can find further information here:

You can find the answer to this question here:

The total revision is intended to strengthen the data subjects' self-determination over their personal data. You can find an overview of the most important changes here:

Companies and other organizations under private law with more than 250 employees as well as federal bodies must keep a register of processing activities.

Smaller companies and organizations under private law as well as natural persons must also keep a processing directory if they process personal data requiring special protection on a large scale or if high-risk profiling is carried out. 

Please note: even if a company is exempt from the obligation to keep a processing directory, the other provisions of the Data Protection Act still apply, in particular the obligations to provide information and to supply data.

The following information should be visible from the list of the responsible person:

• Processing operation - e.g. HR, customer care, finance, marketing....
• Purpose of processing - why is the data needed?
• Categories of data subjects - e.g. customers, employees....
• Categories of personal data processed - e.g. address data, payment data, pictures...
• Categories of recipients - e.g. advertising agency, hosting, debt collection...
• Disclosure abroad - to which countries and - where necessary - with which guarantees?
• Retention period - per processing operationData security measures
  

Only federal bodies must report their processing directories to the FDPIC. The datareg reporting portal is available for this purpose:

You can find the answer to this question here:

Pictures of other persons may generally only be published with the permission of the person depicted. You can find further information here:

Pictures of other people may generally only be posted with the permission of the person depicted. You can find further information here:

You can request the removal of the images or video. You can find further information here:

According to Art. 24 FADP, there is a notification obligation if the data breach that has occurred is likely to result in a high risk to the personality or fundamental rights of the data subject.  As the person responsible, you can make the notification here:

You can find useful tips here:

No. Any person may ask the controller whether personal data concerning them are being processed, without having to prove or make credible an interest in obtaining this information. 

The controller, i.e. the private person or federal body that, alone or jointly with others, determines the purposes and means of processing personal data. When several data controllers jointly process personal data, you can exercise your right to information with any one of them. 

Furthermore, if the controller delegates the processing of personal data to someone else, it is still the controller who is required to provide the information requested. The delegated assistant must help the controller in providing the information, unless the assistant responds to the request on behalf of the controller.

In the case of personal data about your health, you can designate a health professional to whom the data may be disclosed, so that he or she can explain the data to you.

You must be given the information necessary to enable you assert your rights and to ensure the transparency of the processing operation. In any case, you will receive the following information: 

a. the identity and contact details of the controller; 

b. the personal data processed as such; 

c. the purpose of the processing; 

d. the period of time for which the personal data will be kept or, if this is not possible, the criteria for determining the period of time; 

e. the available information on the origin of the personal data, unless the data have been collected from the data subject; 

f. where applicable, the existence of an automated individual decision as well as the logic on which the decision is based; 

g. where applicable, the recipients or categories of recipients to whom personal data are disclosed, as well as the information provided for in Article 19 paragraph 4 FADP.

The request must be made in writing (or verbally if the controller agrees). The information is provided in writing or in the form in which the data are presented. By agreement with the controller, you can consult your data on the spot. If you agree, the information may be provided verbally. The information may be requested and provided online. It must be provided in a comprehensible form. The controller must take adequate measures to identify you, and you are required to cooperate with this.The controller must also ensure that your data are protected from access by unauthorised third parties when providing you with the information. 

In principle, the controller should provide the requested information free of charge. Exceptions are possible, in particular if providing the information requires disproportionate efforts; a suitable contribution to the costs may be requested (maximum CHF 300). If a contribution is required, you must be informed of the amount before the information is provided so that you can withdraw the request within ten days. 

As a general rule, the information must be provided within 30 days of receipt of the request. If the information cannot be provided within 30 days, the controller must inform you of this and tell you when the information will be provided. 

If the controller refuses to give you the information, restricts the information given or delays giving you the information, he or she must communicate this within the same period.

As a general rule, the information must be provided within 30 days of receipt of the request. If the information cannot be provided within 30 days, the controller must inform you of this and tell you when the information will be provided. If the controller refuses to give you the information, restricts the information given or delays giving you the information, he or she must communicate this within the same period.

In principle, you have the right to be fully informed about all the data contained in the file which concern you. If the data controller refuses, restricts or postpones the disclosure of the requested information, he or she must inform you of the reasons for this.

Please note that if a federal body refuses you access or grants only limited access to information, it must issue a formal decision to you.

If you are of the opinion that the controller has not complied with his or her obligation to provide information or has only done so in part, you can take the following steps:If the controller is a federal body, you can file an appeal against the decision with the Federal Administrative Court within 30 days.

If the data controller is a private individual, you can take legal action (civil action) to assert your right to information. The court in the place of residence or business of one of the parties is competent to rule on actions and requests based on the FADP. The judge will decide under a simplified procedure. No court fees are charged for disputes relating to the right of access under the FADP. You may apply to the court in person or be represented by a lawyer. You will need to include copies of your correspondence with the controller.

As a general rule, you have the right to be fully and correctly informed about the data that is being processed about you. Providing this information can only be refused, restricted or postponed if permitted by a formal law or if required by the overriding interest of a third party. 

Private controllers may also refuse, restrict or defer the disclosure of information if their own overriding interests so require and provided that they do not disclose the data to third parties.

If the controller is a federal body, it may also refuse, restrict or defer the disclosure of information if an overriding public interest, in particular relating to Switzerland’s internal or external security, so requires, or if the disclosure of the information could jeopardise a criminal investigation or other investigative procedure.

If controllers refuse, restrict or postpone the disclosure of information for any of the above reasons, they must inform the data subject. Controllers are obliged to state the reasons for the decision.

Participating in research projects or studies is always voluntary. You must not be put at a disadvantage for not taking part. Your consent to participate in such a project must be given in writing and is only valid if you have been notified in advance of the aim and purpose of the project and the planned data processing activities. This is usually done through information pamphlets and information sessions. You can also withdraw your consent to participate in research projects and studies at any time. If you do, your data should be automatically deleted. To be on the safe side, you can request confirmation of this. You can also exercise your right to information on research projects and studies at any time, as set out in the Data Protection Act .

Under certain conditions, this is permissible. You can find further information here:

Here you will find the necessary instructions before installing a video camera: