Privacy Notice of TACTIC TAL GmbH
Last updated: June 21, 2024
-
What is this privacy notice about?
TACTIC TAL GmbH (hereinafter referred to as “we” or “us”) processes personal data relating to you or other individuals in different ways and for different purposes.
Personal data is all information relating to an identified or identifiable natural person, and processing means any operation with it, such as collecting, using, and disclosing it.
This privacy notice explains our processing of such data when:
- you visit our website www.tactictal.com (the “Website”),
- you purchase or use our online recruiting and related services (the “Services”),
- you are otherwise associated with us by contract (e.g., as business partner or supplier),
- you contact us via e-mail, letter, on social media, by text message, via a contact form, etc.,
- you deal with us in the context of all other data processing related to our offers and services (e.g., in the context of our webinars, conferences, trade events, surveys, etc.).
Please take the time to read this privacy notice to learn how and why we process your personal data, how we protect your personal data and what rights you have in this context. If you have any questions or would like further information about our data processing, please do not hesitate to contact us (Section 2).
We have aligned this privacy notice with both the Swiss Federal Act on Data Protection (“FADP”) and the European General Data Protection Regulation (“GDPR”). However, whether and to what extent the GDPR is applicable at all depends on the individual case.
-
Who is responsible for processing your data?
For the data processing according to this privacy notice, the following company is the controller, i.e. the party primarily responsible under data protection law unless otherwise communicated in individual cases (e.g. in further privacy notices, on forms or in contracts):
TACTIC TAL GmbH
Industriestrasse 9
8305 Dietlikon
Switzerland
If you have any questions regarding data protection, please feel free to contact us at the following address so that we can process your request as quickly as possible: privacy@tactictal.com
-
What personal data do we process?
We process different categories of personal data depending on the occasion and purpose. You will find the most important categories below, whereby this list cannot be exhaustive.
You may provide us with data that relates to other individuals, such as business partners or work colleagues. If you do submit data concerning third parties, we understand that you confirm this data is correct and that you are authorised to provide us with this data. We ask you to inform these third parties about our processing of their data (for example, by a reference to this privacy policy).
-
Master data
Master data is the basic data that we need to process for our business relationships or for marketing and advertising purposes and that relates directly to your person and characteristics. For example, we process the following master data:
- salutation, surname and first name, gender, date of birth;
- address, contact details such as e-mail address and telephone and mobile number;
- nationality;
- language preferences;
- customer history (information about the Services we provide to you);
- contact persons of companies;
- relations to the company you are working for;
- permissions, consents, or preferences that you give us.
We usually obtain this master data from you directly but possibly also from other persons who work for your company but may also obtain personal data from third parties, for example, from agencies you work for or from third parties such as our contracting parties, associations, and address dealers and from publicly accessible sources such as public registers or the internet (websites, social media, for instance, when you click on one of our Instagram, TikTok, Facebook or Google adverts, etc.).
-
Job data
When you register as a Talent, we process different sets of data in relation to your professional background and job preferences, such as:
- service line preferences, geographical preferences, job position preferences, remote work preferences, occupation rate preferences, salary expectations;
- information about your professional career and educational background, including but not limited to current and old job positions, degrees, qualifications, recommendation letters, payslips, professional certificates, key achievements.
-
Contract data
Contract data is information that incurs in connection with the conclusion or execution of a contract, for example information about contracts and cooperative partnerships and the services to be rendered or the services rendered, as well as data from the period prior to the conclusion of a contract, information on the conclusion of the contract itself (e.g. the closing date and the subject matter of the contract), as well as the information required or used for the execution. For example, we process the following contract data:
- date, information on the type and duration as well as conditions of the respective contract, data concerning the termination of the contract;
- contact details;
- information on the use of our Services;
- information on payments (company’s financial account including bank account details, payment card details) and payment methods, invoices, mutual claims, contact with customer service, objections, defects, returns, information on customer satisfaction, complaints, feedback, etc.;
- access data and logins.
We receive this data from you, but also from partners with whom we work. Again, this data may relate to your company, in which case it is not “personal data”, but it may also relate to you if you work for a company or if you obtain Services from us.
-
Communication data
Communication data is data in connection with our communication with you, for example, when you contact us via contact form or via other means of communication. Examples of communication data are:
- name and contact details (e.g. postal address, e-mail address and telephone and mobile number);
- content of correspondence (e.g. of e-mails, written correspondence, telephone conversations, chat messages, etc.);
- responses to customer and satisfaction surveys;
- information on the type, time and, if applicable, location of the communication and other peripheral and meta data of the communication.
-
Technical data
Technical data is generated in connection with the use of our Website. This includes, for example, the following data:
- the IP address of the end device and device ID;
- information on the devices and technology you use including IP address, login data, browser type and version, time zone, operating system, browser type;
- information about your internet provider;
- accessed content or protocols in which the use of our systems is recorded;
- date and time of access to the Website and your approximate location;
- details of the content accessed in the user account;
- other information that is required when using the user account, such as sending the access code via e-mail for logging into your user account via our Website.
We may also assign an individual code to you or your end device (e.g. by means of a cookie; see Section 5.1). This code is stored for a certain duration, often only during your visit. We cannot usually deduce who you are from technical data unless, for example, you register for the newsletter on our Website. In this case, we can link technical data with master data – and thus with your person.
-
Behavioural data
To tailor our Services to you or your company in the best way possible, we try to get to know you better. For this purpose, we collect and use data related to your behaviour. Behavioural data is, in particular, information about your use of our Website. It may also be based on technical data. This includes, for example, information on your use of electronic communications (e.g. whether and when you opened an e-mail or clicked on a link, especially when sending newsletters). We may also use your other interactions with us as behavioural data, and we may link behavioural data with other data (e.g. with anonymous information from statistical offices) and evaluate this data on a personal and non-personal basis.
-
Preference data
Preference data tells us which needs you are likely to have, and which Services might meet your interest or the interest of your company (e.g. when selecting topics for the newsletter). We therefore also process data regarding your interests and preferences. For this purpose, we can link behavioural data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences, and anticipated behaviour.
-
Other data
We may also collect data from you in other situations. In connection with official or judicial proceedings, for example, data (such as files, evidence, etc.) which is collected may also relate to you. We may also obtain photographs in which you may be identifiable (e.g. selfies made for the professional profile, at events, by security cameras, etc.).
We may also collect data on who enters certain buildings and when or who has corresponding access rights (incl. in the case of access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and who uses our infrastructure and systems and when.
-
-
For what purposes do we process your personal data?
We use the personal data we collect primarily for our collaboration with you. If you have subscribed to our newsletter, we use your e-mail address to send it. In addition, we also process personal data, to the extent permitted and deemed appropriate, for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
- for the purpose of the performance of our contract and the provision of our Services, i.e. to assess Talents’ qualifications and suitability for available positions and to maintain a pool of potential Talents for future opportunities. For this purpose, we especially process contract data, communication data, master data, preference data, and other data.
- to manage our business operations including making and managing payments, managing fees and charges due on user accounts.
- for communication purposes, i.e. to contact you and to stay in touch with you. This includes answering inquiries and contacting you in case of queries, e.g. by e-mail. For this purpose, we especially process communication data and master data.
- for customer care and marketing purposes, i.e. to offer you targeted information about new offers according to your personal interests and preferences, for example, through the newsletter and personalised advertising. For this purpose, we especially process technical data, master data, communication data and behavioural data.
- to improve our Services and for product development.
- to ensure IT security and for prevention. We process personal data to monitor the performance of our company, in particular IT functions, our Website, applications, and other platforms; for security purposes, to ensure IT security, to prevent theft, fraud and abuse; and for evidence purposes. This includes, for example, the evaluation of technical records of the use of our systems (log data), the prevention, defence and investigation of cyber-attacks and malware attacks, analyses and tests of our networks and IT infrastructures, system, and error checks.
- to maintain the internal rules and other measures for IT, building and facility security, and for the protection of our employees, other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone records).
- to protect our rights: we may also process personal data to enforce claims in or out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims. For this purpose, we especially process master data and communication data.
- to comply with legal requirements, to meet our legal, regulatory, and tax reporting obligations, to ensure compliance with orders of a court or an authority, to take measures to detect and investigate abuses: this includes, for example, the processing of complaints and other notifications, and generally measures that we are obliged to take by applicable law, self-regulation, or industry standards. For this purpose, we especially process master data and communication data.
- for administration and support: to shape our internal processes efficiently, we process data as far as necessary for the administration of IT, for accounting or for archiving data. For this purpose, we especially process communication data and behavioural data as well as technical data.
- for other purposes. These include company management, including business organization and company development, other internal processes and administrative purposes (e.g. management of master data, accounting and archiving), training and educational purposes, the preparation and processing of purchase and sale of business units, companies, or parts of companies, other transactions under company law, the transfer of personal data, as well as measures for business management and the protection of other legitimate interests.
If we ask for your consent for certain processing activities, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by written notice.
-
What online tracking and online advertising techniques do we use?
On our Website, we use various techniques to let us and third parties consulted by us recognise you when you use our Website and, in some cases, track you across multiple visits. The use of such techniques is regulated separately. The following section provides information on this topic.
-
How and for what purpose do we use cookies and similar technologies?
We use third-party services for our Website to measure and improve the user experience of the Website and online advertising campaigns. For this purpose, we may embed third-party components on our Website, which may in turn use cookies. When we track you or use similar technologies, the core purpose is to enable us to distinguish access by you (via your system) from access by other users so that we can ensure the functionality of the Website and perform statistical analyses. We do not want to identify you in this process. The technology used is designed to recognise you as an individual visitor each time you access the site, for example, by having our server (or the servers of third parties) assign a specific identification number to you or your browser (so-called “cookie”).
Cookies are files that your browser automatically stores on your end device when you visit our Website. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, but usually without identifying them. Depending on the purpose of use, cookies may contain further information, for example, on accessed sites and the duration of the visit to a site. On the one hand, we use session cookies, which are deleted again when the browser is closed, and on the other hand, we use permanent cookies, which remain stored for a certain duration after the browser is closed and are used to recognise visitors on a subsequent visit.
We use the following types of cookies and similar technologies:
- essential cookies: essential cookies are required for the functionality of the Website, for example, to allow you to switch between sites without losing information entered in a form.
- performance cookies: performance cookies collect information about the use of a website and enable analyses, for example, to determine which sites are most popular. They can thereby simplify the visit to a website and improve the user experience.
- functional cookies: functional cookies enable advanced features and can display personalised content based on your preferences.
- analytical cookies: analytical cookies (or marketing cookies) help us and our advertising partners to target you on our Website and on websites of third parties with advertisements for our Services that may be of interest to you or to display our advertisements during your further internet use after visiting our Website.
We particularly use cookies for the following purposes:
- to personalise content;
- to display personalised advertisements and offers;
- to display ads on third-party websites and measure their reach and success, i.e. whether you respond to these ads (remarketing);
- to save settings between your visits;
- to determine whether and how we can improve our Website;
- to collect statistical data on the number of users and their usage habits, as well as to improve the speed and performance of the Website;
- to process your contact details with the aim to target you with advertisement on third-party platforms.
We may also use LinkedIn Insight Tag to store data in the browser. LinkedIn Insight Tag is a tool from LinkedIn Ireland Unlimited Company, which we use to analyse your use of our Website in order to constantly optimise it.
-
How can cookies and similar technologies be disabled?
When accessing our Website, you have the option to activate or deactivate certain categories of cookies through our cookie banner. Here, you may also clear or block specific cookies, such as third-party cookies, or all cookies. However, if you block all the cookies that we use, it may affect your user experience.
You can configure your browser in the settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also enhance your browser with software (so-called “plug-ins”) that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the heading “Privacy”). Please note that our Website may not fully function if you block cookies and similar technologies.
-
Cookies from partners and third parties on our Website
We may use third-party services to help us measure and improve the user experience of the Website and online advertising campaigns. For example, we use analytical services to optimise and personalise our Website. The respective third-party providers may record your use of the Website for this purpose and combine their recordings with further information from other websites. This allows them to record user behaviour across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers may also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person. Third-party service providers may be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured.
-
-
What applies to profiling?
We may process and evaluate your data automatically in accordance with Section 3. This also includes profiling, i.e. automated evaluations of data for analysis, prognosis, and marketing purposes, to determine preference data (Section 3.7), to ensure customer care as well as to detect misuse and security risks.
-
How do we process data in connection with social media?
On our Website, we offer you the option to use a “social media plugin” (e.g. for Instagram, TikTok, LinkedIn, etc.) to incorporate features from these providers into our Websites. These plugins are deactivated by default. As soon as you activate them (for example, by clicking the button), the corresponding providers can determine that you are on our Website. If you have a corresponding account with the social media provider, they can allocate this information to you and thus track your use of online offers.
We are generally jointly responsible with the respective providers for the exchange of data this provider collects via plugins or comparable functions (but not for further processing by said provider). Where possible, we have concluded a corresponding additional agreement with the provider. You can address requests for information and other data subject inquiries in connection with the joint responsibility directly to the respective provider.
If you communicate with us via our profiles on social media or comment on or share content on social networks (e.g. on Instagram, TikTok, LinkedIn, etc.), we collect data, which we use primarily to communicate with you, to answer your inquiries in connection with our data processing, for marketing purposes, and for statistical evaluations. Please note that when you visit our social media sites the platform provider itself also collects and uses data (e.g. on user behaviour), possibly together with other data known to it (e.g. for marketing purposes or to personalise the platform content). For more information on data processing by social network providers, please refer to the privacy policies of the respective social networks.
-
To whom do we disclose your personal data?
In connection with our processing activities, we disclose your personal data to other recipients.
- In particular, we disclose Talent’s personal data to Companies for the purpose of the performance of our contract and the provision of our Services, i.e. for the “job matching” process.
- We may disclose personal data to service providers as required for their services. This concerns IT service providers (e.g., hosting and other cloud service providers) and marketing service providers. As far as service providers process personal data as processors, they are obliged to process personal data exclusively according to our instructions and to implement data security measures.
-
Data may also be disclosed to other recipients, e.g. to courts and authorities as part of legal proceedings and legal information and cooperation duties and buyers of companies and assets.
We may share de-identified personal data with other recipients (e.g., academic institutions to perform research, or the public) under controls that are designed to protect your privacy – including requiring such institutions to operate under confidentiality agreements and mandating that published findings contain only de-identified and aggregated data.
In individual cases, it is possible that we also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose such data.
-
Do we disclose personal data abroad?
Recipients of data are not only located in Switzerland. This applies in particular to certain service providers and Companies. These recipients may be located outside the EEA and Switzerland (especially in Germany, Finland, and the USA), but also in other regions and countries worldwide. For example, we may transmit data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings. Not all these countries currently guarantee an adequate level of data protection according to the standards of Swiss law. We therefore take precautions to contractually compensate for the lower level of legal protection, especially with the standard contractual clauses issued by the European Commission and recognised by the Swiss Data Protection and Information Commissioner (FDPIC). For more information and a copy of these clauses, please visit www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html.
In certain cases, we may transmit data in accordaqnce with data protection law requirements even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise, or enforcement of legal claims, or for overriding public interests.
-
How long do we process personal data?
We store and process your personal data as long as it is necessary for the purpose of the processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g., to enforce legal claims, for archiving or to ensure IT security) or as long as the data is subject to a legal retention obligation (for example, for certain data, a ten-year retention period applies). If there are no legal or contractual obligations to the contrary, we will destroy or anonymise your data after the storage or processing period has expired within our normal processes.
In relation to cookies, you can find information on the duration of storage under the link “Cookie settings”.
-
What are the legal bases for data processing?
Data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss FADP, but does apply, for example, under the EU GDPR as far as it is applicable. In this case, we base the processing of your personal data on the following legal bases:
- on your consent (Article 6(1)(a) and Article 9(2)(a) GDPR);
- that the processing is necessary for the performance of the contract or pre-contractual measures (e.g. the review of a contract proposal; Article 6(1)(b) GDPR);
- that the processing is necessary for the establishment or defence of legal claims or civil proceedings (Article 6(1)(f) and Article 9(2)(f) GDPR);
- that the processing is necessary for compliance with domestic or foreign legal provisions (Article 6(1)(c) and (f); Article 9(2)(g) GDPR);
- that the processing is necessary for a legitimate interest in the data processing, in particular the interests mentioned in Section 4 (Article 6(1)(f) GDPR).
-
How do we protect your data?
We take appropriate security measures to protect the confidentiality, integrity, and availability of your personal data to protect it against unauthorised or unlawful access or processing and against the risks of loss, accidental loss, or alterations of the data. However, security risks cannot be completely ruled out as residual risks are unavoidable.
-
What rights do you have?
Under the applicable data protection law, you have certain rights to obtain further information about and influence our data processing. Particularly, these are the following rights:
- access right: you may request further information about our data processing. We are at your disposal for this purpose. You may also submit a so-called information request if you wish to receive further information and a copy of your data.
- objection and deletion: you may object to our data processing and request that we delete your personal data at any time if we are not obliged to continue processing or storing this data and if it is not necessary for the contract.
- correction: in the event that your personal data is incorrect or incomplete, you may request that we correct, complete, or complement it with a note that indicates your objection.
- data portability: you have the right to receive the personal data you have provided to us in a structured, common, and machine-readable format or to have it transferred to a third party, as far as the respective data processing is based on your consent or is necessary for the execution of our contract.
- revocation: if we process data based on your consent, you can revoke your consent at any time. The revocation is only valid for the future, and we reserve the right to continue to process data on another basis in the event of a revocation.
Please note that these rights are subject to legal requirements and restrictions and are therefore not fully applicable in every case. In particular, we may need to further process and store your personal data in order to fulfil our contractual obligations, to protect our own legitimate interests such as the assertion, exercise, or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may reject a data subject request in whole or in part (e.g., by redacting certain content relating to third parties or our trade secrets).
If you wish to exercise any rights against us, please contact us in writing. You will find our contact details in Section 2. You may also file a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Swiss Data Protection and Information Commissioner (FDPIC).