Privacy Notice Alpiq Group

Alpiq Holding Ltd. is responsible as the controller for your personal data:

Alpiq Holding Ltd.
Ch. de Mornex 10
1003 Lausanne, Switzerland
E-mail: infomail@alpiqweb.com
Tel. +41 62 286 7111
(hereinafter "Controller")

To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable data protection laws, please contact us or our local privacy contact. You can find all contact details by clicking here.

If you browse (i) our website located at the following address: www.alpiq.com or (ii) our mobile applications (hereinafter "Online Applications") operated by the Controller, or if you (hereinafter “User”) use the functional options provided in the Online Applications, such as the optional newsletter and other related information sent by the Controller, post your opinions/comments on the Online Applications, or view our official social network profiles (including Facebook, LinkedIn, Instagram and YouTube, together hereinafter “Social Network Profiles”); or

If you, as a natural person, are a (potential) customer (hereinafter "Customer") using the products and services offered by the Controller, or a (potential) supplier, contractor or subcontractor (hereinafter "Supplier"); or

If you are a natural person acting on behalf of a (potential) Customer or Supplier, or the contact person of a Customer or Supplier, including its employees or associates (hereinafter “Representative”); or

If you contact us by phone or SMS, electronically by e-mail or chat, via contact form, or by post, on any matter, or the Controller contacts you by phone or SMS, electronically by e-mail or by post on any matter, and you are not concurrently a Customer, Supplier or a Representative (hereinafter “Contact Person”);

then this Privacy Notice is addressed to you.

When you visit our website or use our Online Applications:
If you browse our websites or use our Online Applications - we automatically collect some of your personal data. Please read our "Cookie Notice" on www.alpiq.com for more detailed information.

When concluding a contract with us:
You may act as a Representative or a Customer, by concluding a contract with us. For this purpose, we collect your first and last name, e-mail address, your phone number.

When you create an account on our website:
We collect your first and last name, your e-mail address, your phone number as well as your assigned account number and your chosen password.

When you subscribe to our newsletter:
We collect your e-mail address, your first and last name and information on the ordered product/services of your preferences.

When you submit a contact request:
We collect your contact details and information on your contact request, which may include your name, e-mail, telephone number and home or business address.

When you submit a media enquiry:
We collect your contact details and information on your media enquiry.

When you submit a data subject rights request:
We collect your e-mail address, your first and last name, and, if you provide us with this, maiden name, birthdate and address, as well as for identification reasons, a picture of your official identification (e.g. ID, passport).

When you consent to marketing activities:
We collect your consent to send you commercial messages by electronic means or consent for marketing via telephone or electronic means, or you enter a survey, a raffle or similar activity organised or co-organised by the Controller (hereinafter "Marketing Consent").

When you apply for a job:
We collect your contact details, your written application, CV,  and certificates/diplomas if you apply for a job at the Controller. We will provide you with detailed information on processing your personal data during recruitment process.

In most cases, we will obtain your personal data directly from you, i.e., directly from the person to whom the personal data relates (data subject).

For Customers, Suppliers, Contact Persons or Representatives, we may also obtain your personal data from other sources, such as your employers, customers, clients, or associates, the entities represented by you, or from publicly available sources, including information provided on public websites, public accounts on social networks or via the publicly accessible databases of our external business partners.

When collecting your personal data from sources other than directly from you, we may process the following categories of personal data: name, job/work status, home or business address, telephone number, e-mail, business (company) name, VAT number or business identification number.

If the provision of your personal data is associated with:

• conclusion of a contract with the Controller - its provision is voluntary, but it is also a condition for the conclusion of a contract, as a contract cannot be concluded with the Controller without the provision of your personal data;

• contacting the Controller - its provision is voluntary, but the Controller cannot be contacted for the designated purpose without the provision of your personal data and thus it is not possible to obtain answers to your inquiry or questions;

• obtaining commercial messages by electronic means or for direct and indirect marketing by telephone or electronic means - its provision is voluntary, but you cannot receive commercial messages by electronic means without the provision of your personal data, and the Controller cannot contact/message you by telephone or electronic means for direct or indirect marketing in your case;

• browsing the Online Applications or our Social Network Profiles - its provision is voluntary, but you cannot use the functions on the Online Applications or Social Network Profiles (e.g. you cannot write comments or view the Controller’s posts under news on our Social Network Profiles, posts cannot be liked, recommended, etc.) without the provision of your personal data.

NOTE: Please read the "Cookie Notice" for more detailed information about personal data collected automatically when browsing the Online Applications.

We process your personal data (categories of personal data) for the following purposes, on the following legal basis and for the following period:

1. Contract processing

• Your personal data will be processed for the purposes and to the extent necessary for the performance of a contract entered into between the customer or supplier and the Controller or for the taking of steps prior to the conclusion of such a contract, including the handling of customer complaints and the provision of after-sales service by the Controller following the conclusion of such a contract in connection with the services provided.
• The following categories of personal data may be processed for this purpose: Contact and identification data and contract data.
• The legal basis for processing your personal data is that it is necessary for the performance of the contract to which you are a party or to take action at your request prior to the conclusion of the contract.
• In such a case, your personal data will be processed for the duration of the obligations of the Controller and/or the customer according to such a contract, according to the retention schedule of the Controller, as well as the local legal requirements (in particular statutory limitation periods and legal archiving periods).

2. Compliance with legal requirements

• Your personal data will be processed for the purpose of complying with the legal obligations imposed on the Controller, arising in particular, not limited to, from legal, tax and accounting regulations, including obligations to record economic events (issuing or posting invoices) and archiving obligations.
• The legal basis for processing your personal data is a legal obligation imposed on the Controller.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data, customer data, supplier data, employee data, applicant data, contract data.
• In such a case, your personal data will be processed as long as this is required by the local legal requirements (in particular statutory limitation periods and legal archiving periods) and the Controller's retention schedule.

3. Determining and enforcing legal claims of the Controller or defending against legal claims

• Your personal data will be processed for the purpose of investigating and enforcing legal claims by the Controller or defending against legal claims.
• The legal basis for the processing of your personal data is the legitimate interests of the Controller unless these are overridden by the interests or fundamental rights and freedoms of the data subject consisting of the protection of their rights.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data, customer data, supplier data, employee data, applicant data, contract data. 
• In such a case, your personal data will be processed until the expiry of the statutory limitation period for legal claims resulting from contracts concluded between the Controller and customers/suppliers, as stipulated by local legal requirements (in particular statutory limitation periods and legal archiving periods) and the Controller's retention schedule.

4. Communication 

• Your personal data will be processed for the purpose of contact between the Controller and the contact persons or representatives in current matters (e.g., data on ongoing cooperation, answers to questions, submission of an application).
• The legal basis for the processing of your personal data is the legitimate interests of the Controller, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which consist in the need to contact the contact persons and/or representatives and/or customers/suppliers in connection with the current matter between the Controller and the customer/supplier, or in answering questions and requests.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data, customer data, supplier data, financial and tax data, employee data, applicant data, contract data, measurement data. 
• In such a case, your personal data will be processed for as long as necessary to respond to or resolve the matter at hand, as required by local legal requirements (in particular statutory limitation periods and legal archiving periods) and the Controller's retention schedule.

5. Credit check

• Your personal data will be processed by the Controller for the purpose of carrying out a credit assessment of the customer.
• The legal basis for the processing of your personal data is the legitimate interests of the Controller regarding the reduction of losses due to unpaid invoices unless the interests or the fundamental rights and freedoms of the data subject prevail.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data, financial and tax data. 
• In such a case, your personal data will not be processed longer than until the termination of the contract between the Controller and the customer, unless country-specific regulations provide otherwise.

6. Surveys

• Your personal data will be processed for the purpose of conducting surveys (e.g., customer satisfaction surveys) by the Controller.
• The legal basis for the processing of your personal data is the legitimate interests of the Controller, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject to obtain information about your satisfaction with the services provided by the Controller and to ensure the continuous improvement of the standards and quality of those services.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data. 
• In such a case, your personal data will not be processed longer than until the termination of the contract between the Controller and the person completing the questionnaire.

7. Marketing

• Your personal data will be processed for the purposes of the Controller's marketing including offers of the products and services, technical and related information, and other types of communications such as newsletters and other informative updates from the Controller.
• The legal basis for the processing of your personal data for the purposes of direct marketing is your marketing consent (opt-in principle).
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data. 
• In such a case, your personal data will be processed for the duration of the implementation of the aforementioned objective on the part of the Controller, i.e., the duration of the marketing, but under no circumstances longer than after receipt of your consent withdrawal.

NOTE: We will only process your personal data for direct marketing purposes via electronic means of communication including email messages or by telephone if you provide us with marketing consent, which you may withdraw at any time without giving any reason. The withdrawal of marketing consent will not affect the legitimacy of any processing that was completed on the basis of the marketing consent prior to the withdrawal of the marketing consent. 

8. Raffles

• Your personal data will be processed by the Controller for the purpose of running competitions that you submit to us as part of the competition entry process, starting from the initial entry form through to any personalised communication should you be one of the winners of the competition.
• The legal basis for the processing of your personal data for the purposes of the competition is the consent of the persons concerned and the resulting fulfilment of the competition contract (in accordance with the conditions of participation) with you, which is concluded when you take part in the competition, i.e., fill in the participation form and send it to us.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data. 
• In such a case, your personal data will be processed for the duration of the implementation and processing of the competition in accordance with the retention schedule of the Controller as well as the local legal requirements (in particular statutory limitation periods and legal archiving periods).

9. Social networks

• Your personal data is processed for the purpose of managing the profiles on social networks, including interaction with the Controller via the profiles on social networks.
• The legal basis for processing your personal data for the purpose of maintaining social networking accounts is the legitimate interests of the Controller, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject in promoting the sale of the Controller's products and services, including its brands, providing information about events and professional functions or events related to the Controller's business, and ensuring that social media supports the Controller's business.
• The following categories of personal data may be processed for this purpose: Contact and identification data, individual personal data. 
• In such a case, your personal data will be processed for as long as the Controller manages its social media profiles, but no longer than until you decide to remove your personal data from such social media profiles (for example, you remove your comments or "likes").

10. Analysis and statistics

• Your personal data will be processed for analytical and statistical purposes of the Controller.
• The legal basis for processing your personal data for the purpose of analysis and statistics is the legitimate interests of the Controller unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject in analysing user activity and preferences in order to improve the functionality of our online applications.
• The following categories of personal data may be processed for this purpose: Statistic website information.
• In such a case, your personal data will be processed for the period during which the Controller conducts analyses and statistics in relation to the online applications and under local legal requirements (in particular statutory limitation periods and legal archiving periods).

11. Video Surveillance

• Your personal data is processed for the prevention of criminal offences, preservation of evidence in the event of criminal offences and safeguarding the Controller's ownership rights and security of data subjects.
• The legal basis for processing your personal data for the purpose of video surveillance and security of data subjects is the legitimate interests of the Controller.
• The following categories of personal data may be processed for this purpose: individual data. 
• In such a case, the recorded data is regularly overwritten. The retention period is defined by the Retention Schedule of the Controller, as well as the national, legal requirements. In the event of a dispute, the data may be retained for longer.

The Controller does not make automated decisions, based solely on the automatic processing of personal data, including profiling.

We might use the remarketing function of Google Inc. This enables us to show you interest-based advertising within the Google advertising network. For this purpose, a "cookie" is stored on your computer. For more information about "cookies" please read our Cookie Notice.

Our websites may also contain social plug-ins from third parties. All integrated social plugins work via the double-click procedure. This means that the respective plugins are only activated when you click on the icon of the network provider.

Your connection to a social network, the data transfers taking place between the network and your system and your interactions on this platform are exclusively subject to the data protection regulations of the respective network.

The social plugin remains active until you deactivate it or delete your cookies via the settings in your browser or explained in our Cookie Notice.

In order to provide you with functional and high-quality services, we work with trusted and reliable business partners, who may be recipients of your personal data. Our partners approach the confidentiality of your personal data very seriously. Your personal data may be provided to the following recipients (including other controllers, who process personal data at their own expense and by their own means, or to meet the purpose of processing data by the Controller).

5.1.1 External Provisioning

The recipients of your personal data may be external business entities in the following categories:
a. IT services providers;
b. registers of debtors;
c. providers of related products and services that are a party to a contract with us;
d. entities providing postal delivery services;
e. customer service providers, including telephone or electronic call centres;
f.  entities providing accounting, financial or tax services;
g. entities providing legal and debt recovery services;
h. entities providing advertising, marketing and / or research services;
i. payment service providers;
j. entities authorised to receive such data under applicable law (e.g., the courts, criminal justice or other state authorities).

5.1.2   Internal Provisioning

We may transfer on your personal data within the Alpiq Group in order to fulfil contractual obligations, within the scope of our legitimate interests for administrative purposes or based on your consent within the Group.
For more information, please contact us here.

The Controller may decide to provide your personal data to entities established outside Switzerland or the European Economic Area (EEA) (so-called "third country").

The transfer of your personal data between Switzerland and member states of the EEA and to other third countries with an adequate level of protection of personal data is based on the relevant adequacy decisions by the Swiss Federal Data Protection and Information Commissioner and the European Commission.

The controller may also transfer your personal data to third countries without laws in place that protect your personal data to the same extent as in Switzerland or the EEA. In this case the controller provides appropriate safeguards such as imposing binding corporate rules or standard contractual clauses recognised by the relevant data protection authority.

You have the following rights in relation to the processing of your personal data:

6.1.1 Right to withdraw consent – whenever the Controller processes your personal data based on your consent, you may withdraw your consent at any time without having to specify the reasons for such withdrawal;

6.1.2 Right to access your personal data – you have the right to receive confirmation on whether or not your personal data is processed by us, and if so, to obtain a copy of your personal data, as well as further information such as the purpose of processing, the recipients or categories of recipients to whom we have your personal data disclosed; the planned period for retaining this data or the criteria for determining this period;

6.1.3 Right to rectify your personal data – you have the right to require that incomplete or inaccurate personal data that we process about you is amended;

6.1.4 Right to the deletion of your personal data – you have the right to request that we delete your personal data, if it is no longer needed for the purposes for which it was collected, you have withdrawn your consent and there is no other legal basis for the processing, you have effectively objected to the processing or your personal data has been processed unlawfully, but we may retain your personal data if this is required in order to comply with legal obligations or to establish or defend legal claims;

6.1.5 Right to restrict the processing of your personal data – you have the right to request that we restrict the processing of your personal data in any of the following cases: (i) you believe such data is inaccurate; (ii) processing is unlawful and you request the restriction of personal data instead of its deletion; (iii) we no longer need your personal data, but you require them for the purpose of making a legal claim; or (iv) you object to the processing of your personal data and we verify the legitimacy of your request;

6.1.6 Right to the portability of your personal data – you have the right to request that we transmit personal data concerning you in a structured, commonly used and machine-readable format to you or to another controller, if this is personal data that you have provided to us and we are processing this personal data on the basis of your consent or in order to perform a contract between you and us; and the processing is carried out by automated means;

6.1.7 Right to object to the processing of your personal data – whenever we processes your personal data for purposes based on our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation; we will follow your request unless we have compelling legitimate grounds for the processing which override your interests or rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim; if we process your personal data for direct marketing purposes, which includes profiling to the extent of direct marketing, your objection to processing will always be accepted.

If you wish to exercise your rights, we kindly ask you to use the appropriate contact form here. If you would like to send us a letter or call us, you can do so at the following address and telephone number:

Alpiq Holding Ltd.
Group Data Privacy Officer
Bahnhofquai 12
CH-4601 Olten
E-Mail: privacymail@alpiqweb.com
Tel: +41 62 286 7010

If you have a question about these rights or the processing of your personal data, please contact our Group Data Privacy Officer.

If you have a question or concern, please contact our Group Data Protection Officer – see details in section 6.2

If you are in the EEA you have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protections laws. A list of local data protection authorities in EEA countries is published here.

If you are in Switzerland, you can contact the Swiss data protection authority:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Feldeggweg 1
3003 Bern, Switzerland
Tel +41 (0)58 462 43 95

We use technical and organizational security measures to protect your data managed by us against manipulation, loss, destruction and against access by unauthorized persons. We continuously improve our security measures in accordance with technological developments.

Our websites and Online Applications may contain links to other websites belonging to or administered by third parties. We are not responsible for the processing of personal data by these third parties on other websites, including the privacy policies, information clauses and other similar documents contained on these websites.

We reserve the right to make changes or updates to our Privacy Notice in the future. This may in particular be necessary due to changes in applicable data protection legislation or data protection guidelines issued by the supervisory authority, but also in connection with any changes in the administration of the websites or Online Applications by the Controller or in Customer Services or service processes to Suppliers. The latest version of this Privacy Notice is always available on www.alpiq.com.