What is the purpose of data protection?

The purpose of data protection is to ensure that the privacy of natural persons about whom data is stored is protected and that no personal rights are violated by the processing of their data.a:primo attaches great importance to your right to protection of your privacy and your personal data. You should feel secure when dealing with a:primo and feel that your personal data is in good hands. a:primo guarantees that with respect to the personal data that a:primo stores and processes for you, all data protection regulations will be complied with at all times.

What is the legal basis for data protection?

This privacy policy is based on the requirements of the Swiss Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR). In Switzerland, the GDPR applies when personal data about EU citizens is stored. Digital services from a:primo that are used on behalf of the public sector are also subject to the Law on Information and Data Protection (IDG) of the Canton of Zurich.

What is the difference between data protection and data security?

Data protection is not the same as data security. Data security is to guarantee that no stored data is lost, falsified or falls into the hands of unauthorised persons. Data security deals with all data of an organisation, personal as well as non-personal. Data security is a mandatory prerequisite for functioning data protection.

What data is subject to data protection?

Data protection deals exclusively with personal data, i.e. data that contain a unique reference to a natural person (e.g. names, e-mail addresses, insurance numbers). If the personal reference is removed from the data, i.e. if the data is made anonymous, then it is no longer subject to data protection. Which specific personal data is processed and stored in which way depends on the a:primo services you use. However, all processing and storage is for a specific purpose, i.e. it may only take place within the framework of the services used and may not serve any secondary purposes.

How is data protection guaranteed in concrete terms?

a:primo uses various technical and organisational measures (TOM) to ensure that data protection is guaranteed. Below is an overview of the most important measures:

a:primo processes and stores personal data exclusively with digital services. There is no personal data on paper, apart from correspondence by letter.

All digital services are provided cloud-based via the internet and are accessible as web applications via a browser. New service versions and error corrections are thus immediately available.

All data transfers via the internet between browser and services or between services are encrypted.

No software is installed locally on the users' devices, nor is any data stored locally. The only exception are services that can also be used on the move and for which there are additional mobile apps that can be installed optionally.

Users of a:primo apps can only access their user account via username and password. All user accounts are opened and managed by a:primo. For a:primo internal users, two-factor authentication is mandatory; for external users, the second factor is waived until further notice due to manageability.

All data that sponsoring bodies collect within the scope of their user accounts with an a:primo app is only used for this app and is not exchanged with other a:primo apps, with third-party apps or with third-party organisations.

a:primo does not have access to personal data collected with a:primo apps, but only carries out anonymised processing. For details on data protection, see the user agreements with the sponsors for these apps.

As a matter of principle, a:primo does not pass on any personal data to third parties, apart from for processing and storage in the data centre.

All digital services that a:primo obtains from data centres are licensed by a:primo for a fee, except for social media, which is used free of charge.

Where does the data processing and storage take place?

Data processing and storage forData centre
in Switzerland

in Germany
see provider
Internal processes of a:primoMicrosoft Cloud  
a:primo apps for partner organisationsMicrosoft Power Apps (online monitoring for schritt:weise and ping:pong)  
Communication with partner organisations, business partners and the publiccmsbox(website, shop)
Microsoft Teams(audio/video meetings, chat, file sharing)
Sendinblue (Newsletter) 
Social media  Youtube
Facebook
LinkedIn

Who is responsible for data processing and storage?

Association a:primo
Ackeretstrasse 6
8400 Winterthur
Switzerland
+41 52 511 39 40
winterthur@a-primo.ch
www.a-primo.ch

The following delimination of responsibility applies:

The above responsibility only applies to data processing and storage that a:primo carries out itself or outsources to contractors (data centres).

For data processing and storage (e.g. Excel exports) that a:primo clients (partner organisations) carry out under their own responsibility using a:primo apps, the responsibility lies with the clients.

Who is a:primo's data protection officer?

For all matters relating to data protection, please contact:
Annika Meile
+41 52 511 39 46
winterthur@a-primo.ch

Status of this privacy policy: 24 July 2022