RUAG Privacy Notice
Data protection is a matter of trust and your trust is a core value of the RUAG group and of all his legal entities it is composed of (“RUAG” and/or “we” and/or “us”).
1. Who we are
This Privacy Notice applies to all legal entities of the RUAG group. Each RUAG company that processes personal data for its own business purposes acts as a data controller. For example, if you interact with a company about a matter concerning that company, it will be the controller for the personal data processed in relation with your request; or the company that invites you to participate in a customer event will be the controller of the data processed for the event. A list of the RUAG companies and their contact details is available at www.ruag.com.
If you have any questions or requests in relation to the processing of your personal data, you can contact the RUAG Data Protection Team at firstname.lastname@example.org.
This Privacy Notice applies to any processing of personal data in connection with all our business activities in all our business areas. It is applicable to the processing of both historical and future personal data.
Please note that we separate privacy notices may apply, for example for employees, applicants, and participants at trade fairs, job fairs and similar events. These policies are available at www.ruag.com/privacy.
3. Which personal data do we process and for what purposes?
We may process personal data in the following situations and for the following purposes:
- Communication: We may process personal data when you are contacting RUAG or when RUAG is contacting you, for example when you are contacting our customer service or when you write to RUAG or call us. In this case, we may typically process name(s) and contact data and the content and time of the relevant messages. We may use this data in order to provide you with information, process your request and communicate with you. We can also forward messages within RUAG, for example if your request concerns another RUAG entity.
- We may also use analytics services provided by third party service providers, for example Google Analytics, which is provided by Google LLC, US. As part of such services, the service provider collects information about the use of the relevant website, but often in a non-personally identifiable form.
- Finally, we may use functionalities from providers such as Facebook, which may result in the provider concerned processing data about you. We advise that you read the privacy policies of these third party providers.
- Use of e-mail: We may use your name and e-mail address to send you alerts, updates, event invitations and other information by e-mail, but will ask for consent first unless we have obtained your contact details from you in the context of our services. If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by following the link included in these e-mails. We may use a third party provider to understand if you open our e-mails or if you click on links included in them. You may prevent this by using the appropriate settings in your e-mail client.
- Visiting our premises: When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. You may also be able to use a Wi-Fi service. In this case, we collect device-specific data in the course of your registration, and we may ask you to enter your name and e-mail address when registering.
- Customer events: When we hold customer events (such as advertising events, sponsoring events, cultural and sporting events), we may also process personal data. Such data may include the name and address of the participants or interested parties and, other data depending on the event, for example your date of birth. We may process this information for the purpose of carrying out customer events but also to get in direct contact with yourself and get to know you better. Further details can be found in the respective conditions of participation. Please read our Privacy Notice for Trade Fairs, Job Fairs and Similar Events (whose link has been referred to here above), Should you need further information about how we may process your personal data.
- Business partners: RUAG is working together with various companies and business partners, for example with suppliers, commercial customers of goods and services and with service providers (for example IT service providers). We may process personal data about the contact persons in these companies, for example their name, function and title. Depending on the field of activity, we are also required to scrutinize the relevant company and/or its employees. We will notify you separately if this applies. We may also process personal data about yourself to improve our customer orientation, customer satisfaction and customer loyalty (Customer Relationship Management).
- Administration: We may process personal data for our internal and group-internal administration. For example, we may process personal data in the context of IT or real estate management. We may also process personal data for accounting and archiving purposes and generally for checking and improving internal processes.
- Corporate transactions: We may also process personal data in order to prepare and process company and other transactions.
- Job applications: We may also process personal data when you apply to us. As a general rule, we require the usual information and documents as well as the ones mentioned in a job advertisement. Please read our Applicant Privacy Notice (whose link has been referred to here above) for information about how we process your personal data collected in the course of a job application.
- Employment: We process personal data of our employees in the course of their employment. A dedicated RUAG Employee Privacy Notice is applicable in this regard.
- Compliance with legal requirements: We may process personal data to comply with legal requirements. These include, for example, the operation of a whistleblowing scheme for reporting about suspected wrongdoings, internal investigations or the disclosure of documents to an authority if we have good reason to do so or are even legally obliged to do so. In this context we may process names and documentation or narratives referring to yourself or to a third party.
- Protection of rights: We may process personal data in various constellations in order to protect our rights, for example to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. For example, we may have process prospects clarified or submit documents to an authority. Authorities may also require us to disclose documents containing personal data.
We process personal data on the following grounds:
- for the performance of a contract;
- for legitimate interests. This includes, for example, the interest in customer care and communication with customers outside of a contract; in marketing activities; in getting to know our customers and other people better; in improving products and services and developing new ones; in combating fraud, and the prevention and investigation of offences; in the protection of customers, employees and other persons and data, secrets and assets of the RUAG group; in the guarantee of IT security, especially in connection with the use of websites, apps and other IT infrastructure; in the guarantee and organisation of business operations, including the operation and further development of websites and other systems; in company management and development; in the sale or purchase of companies, parts of companies and other assets; and in the enforcement or defence of legal claims;
- based on a consent, where such consent was obtained separately; and
- for compliance with legal and regulatory obligations.
You are generally under no obligation to disclose personal data to us. However, we must collect and process certain data in order to be able to conclude and perform a contract and for other purposes.
4. Who do we share your personal information with?
Our employees have access to your personal data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your personal data.
We may also transfer your personal data to other legal entities within RUAG for the purpose of internal group administration and for the various processing purposes described in this Privacy Notice. This means that your personal data can also be processed and combined with personal data originating from another RUAG legal entity for the respective purposes.
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf („processors“), in particular:
- IT services, for example data storage, cloud services, data analytics etc.;
- consulting services, for example tax consultants, lawyers, management consultants, recruitment etc.
There are other cases where we may disclose your personal data, for instance:
- We may disclose your personal data to third parties (for example authorities) if this is required by law. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
- We may disclose your personal data to third parties (for example acquirer) if this is necessary for a corporate transaction.
5. When do we disclose your personal data to third countries?
The recipients of your personal data (section 4) may be located abroad, including in countries even outside of Switzerland, the EU or the EEA which may not have laws that protect your personal data to the same extent as the laws in Switzerland, the EU or the EEA. If we disclose your personal data to a recipient in such a country, typically enter into a data transfer agreement to ensure adequate protection of your personal data, including contracts. Please contact the RUAG Data Protection Team (email@example.com) should you need more information in this regard.
6. How do we protect your personal data?
We apply appropriate technical and organisational security processes to safeguard the security of your personal data and to protect it against unauthorised or unlawful processing and to prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access.
7. How long do we retain your personal data?
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected or to comply with legal retention obligations.
8. What are your rights with respect to your personal data?
You have the following rights within the limits set forth in applicable law: You may inter alia request to access your personal data as processed by us, to ask us for correction or erasure, to request that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format.
You may also withdraw consent, if you have provided consent for RUAG to process your personal data. You also have the right to complain to a data protection authority about how we have used your personal data.
11. Contact details
If you have any questions or would like to exercise your rights in relation to the processing of your personal data, please contact the RUAG Data Protection Team (firstname.lastname@example.org).