Data privacy and cookie management
1. INTRODUCTION
In this privacy policy, we provide information about the personal data we process during our busi-ness activities, including on our website www.hydro.ch. We explain the purpose, methods and lo-cation of the processing of personal data. We also provide information about the rights of the indi-viduals whose data we process.
In connection with the collection and use of this data, HYDRO is subject to Swiss data protection law (FADP) as well as applicable foreign data protection law, that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.
This statement describes the general principles and rules to be observed in the processing of per-sonal and sensitive data. It has been drafted to ensure compliance with both the GDPR and the FADP. However, any specific reference to an article refers to those of the FADP.
2. DATA PROTECTION OFFICER
Thomas Dechorgnat:
HYDRO Exploitation SA
Rue de l’industrie 10
CP 315 – CH-1951 Sion
3. DEFINITIONS
Personal data: any information relating to an identified or identifiable natural person (“data sub-ject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmis-sion, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller: the natural person or federal body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
4. WHAT DATA WE PROCESS ABOUT YOU?
We collect the following personal data directly from you:
- Identity: first name, surname, gender, job title, title.
This data is retained for between 10 and 20 years after the end of the contractual relationship for legal reasons or for evidential purposes, pending the expiry of the applicable limitation peri-ods. - Contact details: postal address, email address, telephone number.
This data is retained for between 10 and 20 years after the end of the contractual relationship for legal reasons or for evidential purposes, pending the expiry of the applicable limitation peri-ods. - Technical data: IP address, MAC address, timestamp.
This data is retained for 90 days after collection for technical and security reasons relating to our IT systems.
We process your personal data for as long as the purposes of each processing operation are re-quired. These purposes include statutory retention obligations as well as the retention periods we have defined ourselves in order to protect our own interests (corporate governance, documentation and preservation of evidence). In all cases, once all retention periods have expired, your personal data is anonymized or destroyed.
5. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
We process your personal to:
- enter contractual relationships and perform them in accordance with the provisions set out in the contracts.
- communicate with you by any appropriate means of communication to answer your questions regarding our services, offer you our services and assistance, and record complaints and claims.
- send you commercial or promotional communications (marketing) via the channels you have chosen, where applicable, and carry out profiling combining various personal data to better un-derstand your interests and preferences regarding our products and services; certain pro-cessing for marketing purposes involves sharing your data with contractual partners; you may object to such processing for marketing purposes at any time, free of charge;
- sharing your data with our contractual partners so that they may contact you, provided you have given your prior consent.
- improving our services, products and business activities through market research and satisfac-tion surveys.
- plan our business activities.
- compile statistics.
- verifying that our activities comply with applicable legislation and our internal regulations.
- to analyse risks, detect misuse, implement security measures and verify that these measures are effective.
- to respond to your questions and requests regarding data protection, particularly when you wish to exercise any of your rights under the law.
6. WHAT ARE THE LEGAL BASES FOR PROCESSING YOUR DATA?
Most of the processing we carry out is strictly necessary for the conclusion, performance and set-tlement of contracts with you. Without this processing, we cannot guarantee the services we under-take to provide under the contracts.
Other processing activities are based on our legitimate interests or those of a third party. This ap-plies to processing for marketing, security, statistical and market research purposes. The same applies to the defence of our interests in legal proceedings and the management of disputes, partic-ularly those without a contractual basis.
Certain processing operations may be required by Swiss or foreign legislation. If they are not direct-ly imposed by law, they will be based on our legitimate interest in complying with the legal provi-sions applicable to us.
Your consent will also serve as the legal basis where necessary (e.g. for certain processing activi-ties for marketing purposes). In such cases, we will specifically inform you of the processing activi-ties requiring your consent, and you remain free to give or withhold your consent. We will explain the consequences if you refuse to give your consent. Once you have given your consent, you are free to withdraw it at any time, without giving a reason and in a straightforward manner. Withdrawal applies to the future and does not retroactively affect processing carried out up to the point of with-drawal. The processing covered by the withdrawal of consent will cease immediately unless it can be continued on another legal basis (e.g. our legitimate interest).
7. TO WHOM DO WE DISCLOSE YOUR DATA?
As part of the contractual relationship between you and us, and for the other purposes set out in section 5 above, we may need to disclose all or part of your data to the following recipients:
- Contractual partners. We work with partners to provide you with the services set out in the con-tracts between us. We therefore only disclose to them the personal data concerning you that is strictly necessary for the provision of their services.
- Service providers. We work with various service providers who enable us to carry out certain data processing operations and perform certain activities.
- Authorities. Where we are required to do so by law, where we are entitled to do so, or where it is necessary to protect our interests, we disclose your personal data to Swiss or foreign authori-ties.
When we disclose your data to recipients acting as data processors, we verify whether they also disclose data to third parties and require assurances regarding such disclosures, as to their ne-cessity and security. Where necessary, we will restrict the processing of your data by certain data processors. However, these checks and restrictions cannot be applied to certain recipients acting as independent data controllers, in particular public authorities.
8. WHAT TYPES OF COOKIES DO WE USE ON OUR WEBSITE?
8.1 Cookies
Cookies are small text files placed on your device when you visit our website. They enable us to improve your browsing experience, personalize content, and analyse how our site is used so that we can better understand your needs and preferences. Some cookies are essential for our site to function properly, whilst others help us to offer you additional features.
When you arrive on our site, you will be greeted by an information banner explaining how we use cookies. You will then have the option to give your explicit consent by ticking the “I accept” box or to refuse non-essential cookies by clicking “I refuse”. You can also manage your cookie prefer-ences at any time by accessing the “Cookie Settings” section of our website.
Please note that essential cookies are enabled by default to ensure our website functions properly. However, we undertake not to collect any personal data without your prior consent and not to share your information with third parties without your express authorization.
8.2 Google Analytics
We use Google Analytics on our website. This is a third-party service that may be located in any country worldwide (in the case of Google Analytics, this is Google LLC, in the United States, www.google.com) and enables us to measure and evaluate website usage. To this end, persistent cookies created by Google Analytics are used. IP address anonymization is enabled in Google Analytics, which means that the IP addresses of users of our websites, which are necessarily transmitted to Google Analytics’ servers, are automatically and promptly truncated (by masking the last octet of the address). Google Analytics only tells us how our various websites are used (with-out any personal information about you). For our part, we do not pass on any personal data to Google Analytics, even though Google Analytics may track your use of the site, combine this in-formation with data from other websites you have visited and which it also tracks, and use this in-formation for its own purposes. However, if you are registered with Google Analytics, Google Ana-lytics will also recognize you. The processing of your personal data by Google Analytics is there-fore its responsibility, in accordance with its privacy policy.
8.3 Social media plugins
We also use social media plugins on our websites, such as LinkedIn. You can usually identify them by the corresponding icons. We have configured these elements to be disabled by default. If you enable them (by clicking on them), data relating to your visit to our site will be transmitted to the social media operator, who may use it for their own purposes. The processing of your personal data is then the responsibility of that operator, in accordance with their privacy policy. They do not transmit any information about you to us.
8.4 Third-party cookies and technology on our website
|
Solution |
Provider |
Description |
Expiry |
|---|---|---|---|
|
bscookie |
Linkedin.com |
Used to identify the user via an application. This allows the visitor to log in to a website via their LinkedIn application. |
1 year |
|
Li_gc |
|
Stores the user’s cookie consent for the current domain. |
180 days |
|
PHPSESSID |
Hydro Exploitation |
Maintains user settings across page requests. |
Session |
|
Test_cookie |
Doubleclick.net |
Used to check whether the user’s browser accepts cookies. |
1 day |
9. DO WE TRANSFER YOUR DATA ABROAD?
We work with service providers and partners who are not based in Switzerland. We therefore transfer certain personal data to them where such a transfer is necessary for the purposes de-scribed in section 5 above and comply with the applicable legal framework.
We also use IT services provided by foreign service providers. We endeavour to store data in Switzerland, but this is not always possible. In such cases, we give preference to countries within the European Economic Area and countries offering an adequate level of protection.
We will transfer personal data primarily to the European Union.
We would also like to remind you that, due to technical rules relating to the operation of the network, the transmission of personal data via the internet between individuals or entities located in the same country may pass through other countries. These transits are beyond our control.
10. HOW DO WE PROTECT YOUR DATA?
HYDRO has implemented an Information Security Management System (ISMS) in accordance with the ISO 27001:2022 standard. This ISMS aims to establish a governance framework to ensure the confidentiality, integrity and availability of the personal and sensitive data of its customers, partners and employees.
By implementing the organisational, human, physical and technical provisions and measures of the ISO 27001 standard, HYDRO strengthens its ability to identify and assess risks associated with personal data, implements appropriate security measures such as encryption, access manage-ment and continuous monitoring, and establishes incident response procedures to react quickly and effectively in the event of a data breach.
This proactive approach not only ensures compliance with data protection regulations but also cre-ates an environment of trust where stakeholders can be assured that their personal information is handled with the utmost care and security.
Data transferred over the internet by us and via our website is protected by encryption technologies such as SSL. No transaction carried out over the internet can be guaranteed to be 100% secure.
11. WHAT ARE YOUR RIFHTS REGARDING THE PROTECTION OF YOUR DATA?
As a data subject, you have the following fundamental rights:
- Right to information and transparency: To be clearly informed about how your data is used.
- Right of access: To know what data is held by the data controller.
- Right to rectification: To have inaccurate or incomplete data corrected.
- Right to erasure (‘right to be forgotten’): To request the deletion of your data under certain conditions.
- Right to restriction of processing: To suspend the use of your data.
- Right to data portability: To retrieve your data in a structured format for transfer.
- Right to object: To object to your data being used for a specific purpose.
- Right not to be subject to automated decision-making: Not to be subject to decisions based solely on automated processing.
We will inform you of any conditions or restrictions that may apply to the exercise of your rights.
You may exercise your rights by contacting us directly via our DPO at .
We reserve the right to request additional information to verify your identity, in particular by means of a copy of a valid official identity document. To facilitate the processing of your request, we also ask you to specify precisely which right(s) you wish to exercise, and the scope of such rights.
12. WHEN DO WE UPDATE THIS STATEMENT?
This statement may be updated at any time. The version published here on our website is the most recent version and is the authoritative one. It supersedes all previous general data protection clauses or any that conflict with this statement.
