Privacy Statement

This Privacy Statement describes how Swisscom (hereinafter «Swisscom» or «we»), in various roles, processes your personal data in the Business Partner environment.

«You» are either an employee or other auxiliary of one or more Swisscom Business Partners (e.g. business customers, suppliers, authorities or other partners) – in this case your employer or principal is Swisscom’s «Business Partner»; or

«You» interact directly with Swisscom in the Business Partner environment (e.g. downloading relevant white papers, subscribing to newsletters, participating in webinars) – in this case, you yourself are Swisscom’s «Business Partner».

Swisscom as a contracted processor

To the extent that Swisscom processes personal data on behalf of the Business Partner, it does so in accordance with the contractual agreements between the latter and Swisscom. This generally includes the Data Processing Agreement of Swisscom (available at www.swisscom.ch/b2b legal). or an agreement negotiated individually with the Business Partner. If you have any data protection concerns, please contact the Business Partner directly, who represents the rights of data subjects in relations with you or who will inform you as to the identity of the controller within whose remit your concerns fall.

Swisscom as a controller in relation to the processing of personal data in the context of initiating and performing the contract and in relation to the contractual relationship

General matters

Swisscom processes personal data about you in connection with initiating and performing contracts with Business Partners and dealing with those contractual relationships.
The controller for such data processing is Swisscom (Switzerland) Ltd, Alte Tiefenaustrasse 6, 3050 Bern, unless otherwise specified in individual cases.
You may contact the data protection officer or data protection advisor of Swisscom Ltd and Swisscom (Switzerland) Ltd as follows:

• By email: datenschutz@swisscom.com
• By post: Swisscom (Switzerland) Ltd, Data Protection Officer Swisscom Ltd and
• Swisscom (Switzerland) Ltd, P.O. Box, 3050 Bern Our Data Protection Representative in the European Union may be contacted by supervisory authorities and data subjects on all issues relating to EU data protection law as follows:
• By email: info@datenschutzpartner.eu
• By post: VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany

Types of data processed

Depending on the intended or existing relationship between Swisscom and the Business Partner, the personal data processed are:

• Master and contract data such as personal information (e.g. date of birth, gender, language, criminal record or debt collection register extract), contact and identification data (e.g. name, postal/email address, profession/position, means of identification, ID number/copies), communications (e.g. correspondence with Swisscom in connection with orders, fault reports, satisfaction surveys, invitations) and contract data (e.g. contract type, start date, term and content).
• Technical data such as type, brand, software version or settings for the devices you use, addressing elements such as telephone numbers or IP addresses.
• Financial data such as payment information, payment history and creditworthiness data.
• Usage and connection data such as information about the use of the services provided by Swisscom or the tools/platform provided to you or the Swisscom Business Partner;
• Voice interaction and chat data such as voice recordings of calls to the Service Desk or chat content between you and our consultants.
• Location data, such as geo-information indicating the countries from which you are accessing systems or using Swisscom services, location data from mobile communications so that emergency services can locate you if required.

Purposes of Data

Processing Depending on the intended or existing relationship between Swisscom and the Business Partner, we process these data for the following purposes:

• initiating and performing contracts and supporting the contractual relationship. This includes, in particular, communication, physical/virtual access control, fault reports, orders, invoicing, satisfaction analyses, processing in connection with shared filing systems and/or tools,
• advertising, in particular the delivery of information about new products, the holding of events and the dispatch of newsletters and white papers,
• quality assurance, product development and for tailor-made offers,
• informing and reporting to the Business Partner on the use of our services, to the extent permitted by the contracts and the law,
• compliance with legal requirements, combating fraud and assessing creditworthiness.

Origin of the data

Depending on the intended or existing relationship between Swisscom and the Business Partner, we receive data inter alia from the following sources:

• from the Business Partner who provides them to us in the context of the contractual relationship,
• directly from you (e.g. when you place an order or place a request with our Service Desk, when you complete a form on our website or attend an event),
• from us when we collect data with our systems, for example as to how you use our services or systems or, for example, for data analysis,
• other Swisscom Group companies with which the Business Partner has a contract or is in contact,
• third parties who provide us with information about you based on privacy statements or contracts with you.

Recipients of the data

Depending on the intended or existing relationship between Swisscom and the Business Partner, your data will be passed on to the following recipients:

• the Business Partner of Swisscom,
• other companies (including other companies of the Swisscom Group) that are engaged as contractors for the provision of our services, the provision of and the support of our products, as well as sales and marketing, or who receive your data and use it on their own responsibility or jointly with us, or from whom you obtain additional services via us,
• authorities to which we are required to disclose or surrender data based on applicable law or to which we transfer data in order to enforce our claims.

Data protection measures

To protect your data from unauthorised or unlawful processing and to secure it against loss, unintentional alteration, unwanted disclosure or unauthorised access, we put technical and organisational measures in place, such as

• encrypting and pseudonymising certain data,
• creating backups,
• logging accesses and implementing technical access restrictions,
• issuing binding data processing instructions to our employees,
• entering into data protection and confidentiality undertakings with our service providers as well as the relevant controls.

Location of data processing

Your data may also be processed abroad, particularly if we engage service providers and distribution partners for the provision of our services, the provision and maintenance of our products, as well as sales and marketing. It is generally conceivable that your data may be processed worldwide, but this will occur primarily in countries of the European Economic Area, Kosovo and the USA.
If the processing occurs in countries whose legislation does not provide an adequate level of data protection, the protection of your data is ensured by taking the measures prescribed by law, including in particular the conclusion of contractual agreements (standard contractual clauses of the European Commission, which are available available here) along with appropriate technical and organisational measures.

Duration of processing

Swisscom will only use and store your data for as long as is necessary or technically required to achieve the purposes for which it was collected, to comply with statutory retention periods and for our legitimate interests in documentation. They will then be deleted or anonymised.

Legal bases

Our Privacy Statement is in accordance with the requirements of the Swiss Data Protection Act (DPA) and, to the extent applicable, the EU General Data Protection Regulation (GDPR). Depending on the purpose, the use of your data is premised on the following legal bases: necessity for conclusion or performance of a contract, for compliance with legal obligations, based on a legitimate interest or your general or individual consent. In particular, we have a legitimate interest in the use of the respective data types for the referenced purposes. This includes the provision of third-party services to you, the development and improvement of our products and the submission of offers as well as the analysis of traffic flows based on anonymised data. We also have a legitimate interest in forwarding the data to the respective identified recipients.

Your rights

If you have any questions concerning data protection based on a direct or indirect contractual relationship between the Business Partner and Swisscom, please contact the Business Partner in the first instance. Under the data protection law applicable to you and to the extent provided for therein, you have the right to information, rectification, erasure and surrender of certain personal data. You can exercise these rights by sending a request to that effect to the following address

Swisscom (Switzerland) Ltd
Regulatory & Policy
Data protection
P.O. Box
CH-3050 Bern

In your request, please state that you are making your request in the Business Partner context, and provide us with the name and, if possible, the role of the Business Partner (business customer, supplier etc. of Swisscom). In doing so, please mention the relevant business data details (e.g. your business email address, business telephone number) to which your request relates. In some cases, you and/or the Business Partner may adjust settings and restrictions for data processing through the “My Swisscom Business” portal. Please note that we reserve the right to invoke legitimate interests on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on such data) or require such data in order to assert claims. Should you incur any costs in connection with the exercise of your rights, we will inform you in advance. Please note that the exercise of your rights may conflict with contractual agreements and this may have consequences such as early contract termination or costs or you may no longer be able to use the service as intended by the Business Partner. In this case, we will inform you and/or the Business Partner in advance, unless this is already provided for by contract. If your rights are violated, you can either assert them by filing an action with the competent court or by lodging a complaint with the competent data protection authority.

• Contact data protection authority in Switzerland: Federal Data Protection and Information Commissioner, www.edoeb.admin.ch
• Contacts Data protection authorities in the European Economic Area: edpb.europa.eu/about-edpb/board/members_en

Swisscom as a controller in connection with the provision of telecommunications services

In providing telecommunications services, Swisscom also acts as a controller within the meaning of data protection law in addition to the Business Partner.
Swisscom processes data and content that are subject to telecommunications secrecy exclusively in accordance with statutory requirements. The content of your communications with third parties will only be recorded or stored after the transmission process if we are obliged to do so based on an order of a competent authority based on a corresponding decree or if this is part of the contractual service (e.g. Combox, Webmail, Mobile Voice Recording). Further information can be found in the Privacy Statement for Private Customers of Swisscom, which applies mutatis mutandis.

Direct customer contractual relationship with Swisscom

If you, as the data subject, are a direct customer of Swisscom, the Privacy Statement for Private Customers of Swisscom shall also apply.

Use of Swisscom web services

In connection with the use of our website, including the «My Swisscom Business» portal, please refer to our Online Privacy Statement. This also contains information about our use of cookies.

---

August 2023