«Personal data» means data relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, make it possible to draw conclusions about the identity of these individuals. «Sensitive personal data» is a subset of personal data that is specially protected under the applicable data protection law. This includes, for example, data revealing racial or ethnic origin, health data, religious or philosophical beliefs, biometric data for identification purposes, and information relating to trade union membership. In Section 3 you will find information about the data we process in accordance with this Privacy Notice. «Processing» means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.
For each processing activity, there are one or several parties that are responsible for ensuring that the processing complies with data protection law. This party is called the controller. The controller is responsible, for example, for responding to access requests (Section 10) or for ensuring that personal data is processed securely and not used in an unlawful manner.
Additional parties may be joint controllers for the processing set out in this Privacy Notice if they participate in determining the purpose or means of the processing. If you wish to receive information about the controllers for a specific processing activity, you are welcome to ask us as part of your access right (Section 10). We remain your primary contact, even if there are other joint controllers.
In Section 3, Section 6 and Section 11, you will find additional information about third parties with whom we work together and who are controllers for their processing. If you have any questions for these third parties or if you wish to exercise your rights, please contact them directly.
Technical data includes the IP address and information about the operating system of your terminal device, the date, region and time of use and the type of browser that you use to access our electronic offerings. We know through which provider you access our offerings (and therefore also the region) because of the IP address, but usually this does not tell us who you are. Examples of technical data include protocols («logs») that are created in our systems (for example, the log of user logins to our website).
Registration data includes the information you provide when you create an account on our recruitment portal (for example, username, password, name, e-mail). In relation to access controls, we may need to register you with your data (access codes in badges, biometric data for identification) (see the category «other data»).
Communication data is your name and contact details, the means, place and time of the communication and usually also its contents (i.e., the contents of e-mails, letters, chats, etc.). This data may also include information about third parties. For identification purposes, we may also process your ID card number or a password set by you.
Job application data includes data such as name, mailing address, e-mail address, telephone number and other contact details, photograph, gender, date of birth, nationality, passport number, immigration status, marital status, number of children, name of relatives working for Swissgrid, salary requirements, function, membership in professional associations; moreover, information on your academic background, diplomas, certificates, academic transcript of records, technical skills, language skills, employment history (including job titles, salary and working hours), reference information from third parties (to the extent permitted), and extracurricular activities.
Depending on the type of position, we may ask you to provide us with additional information, such as a work permit, a clean criminal record, an extract from the debt collection register or medical certificates. Under certain circumstances, we are also required by law to conduct a trustworthiness check, about which we will inform you separately if necessary. If necessary, we will obtain your consent for this.
Publicly available data includes data such as professional connections on a social media platform, activity on the platform (posts, comments, «likes»), photographs, videos (for example, attended or organised webinars, conferences), skills, endorsements, licenses, certifications, publications, and interests (pages, companies and people «followed» on the platform).
Reference data includes data such as information about your relationship with the referral person, your personality, abilities, qualifications, contributions to the company, work ethics and job performance.
The categories of personal data that we receive about you from third parties include, in particular, information regarding the validation of the information you have provided us in your job application data (for example, university degrees, former employments, etc.), other background check information (for example, your debt collection status or sanctions listing status, where relevant), what you have been posting on the internet or data from other persons about you (for example, appraisals of you on your professional social media profile) and information from our other contractual partners about your use of our services (for example, job applications submitted on the job portal).
The above include all purposes in relation to the pre-contractual steps necessary for the purposes of entering into an employment contract with you.
Most of the data we process is obtained from you directly in your application documents. Certain data, however, is obtained from third parties (for example, referees, supervisors, colleagues) or from public sources (for example, professional social media networks, such as LinkedIn and Xing). Again, we process this data to assess your suitability for the position for which you have applied
We strive to continuously improve our services on the recruitment portal and to respond quickly to changing needs. We therefore analyse, for example, how you navigate through our recruitment portal and how new layouts of such recruitment portal might look (for further details, see Section 11). This helps us understand the market acceptance of existing services on the recruitment portal and the market potential of new services on the recruitment portal. To this end, we process in particular behavioural data and preference data, but also communication data and other information, for example from social media, the internet and other public sources. We also want to understand the employment market and we want to improve the way we identify and employ new employees. This may require us to use job application data, publicly available data, and candidate assessment data to analyse it and create statistics. We also create key performance indicator (KPI) statistics that enable us, for example, to determine the duration of the vacant position and the gender composition of the group of candidates. We use pseudonymised or anonymised data for these purposes, to the extent possible.
We continuously review and improve the appropriate security of our IT and other infrastructure (for example, buildings). Like all companies, we cannot exclude data security breaches with absolute certainty, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, inspecting, analysing and testing our networks and IT infrastructures, for system and error checks, for documentation purposes and in the context of backups. Access controls include controlling access to electronic systems (for example, logging into user accounts on the recruitment portal), as well as physical access control (for example, building access when you are invited to participate in an interview or take a job readiness test). For security purposes, we also keep access protocols and visitor lists and use surveillance systems (for example, security cameras). We will inform you about surveillance systems at the relevant locations through appropriate signage.
This includes implementing security concepts to prevent fraud and other criminal offences. We may also be required to make certain clarifications about you or to report to the authorities in certain cases. Disclosure, information or reporting obligations, for example, in connection with supervisory authorities and archiving obligations and the prevention, detection and investigation of criminal offences and other violations. This also includes receiving and processing complaints and other reports, monitoring communications, disclosing documents to an authority if we have sufficient reasons to do so or are legally obliged to do so. For all these purposes, we process in particular your job application data and communication data, but also, under certain circumstances, behavioural data and data from the category of «other data». The legal obligations may arise under Swiss law.
For these purposes, we process in particular master data, contract data, registration data and technical data, but also behavioural and communication data. For example, as part of our financial management, we need to monitor our accounts receivable and accounts payable, and we need to avoid becoming victims of crime and abuse, which may require us to analyse data for relevant patterns of such activities.
These further purposes include, for example, administrative purposes (such as managing job application data, reference data, and data archiving, and testing, managing and continuously improving IT infrastructure), protecting our rights (for example, to enforce claims in or out of court, and before authorities in Switzerland, and to defend us against claims, for example by preserving evidence, conducting legal assessments and participating in court or administrative proceedings) and evaluating and improving internal processes. This also includes safeguarding other legitimate interests that cannot be named exhaustively.
Many countries outside of the EEA, the United Kingdom and Switzerland currently do not have laws that ensure an adequate level of data protection under the FADP. The contractual arrangements mentioned compensate for this weaker or missing legal protection to some extent. However, contractual precautions cannot eliminate all risks (namely of government access abroad). You should be aware of these remaining risks, even though they may be low in an individual case, and we take further measures (for example, pseudonymisation or anonymisation) to minimise them.
Documentation and evidence purposes include our interest in documenting the recruitment processes and our decision-making process in relation to the recruitment processes, as well as our interactions and other facts in view of legal claims, inconsistencies, IT and infrastructure security requirements and demonstrating good corporate governance and compliance. Retention may be a technical requirement if certain data cannot be separated from other data and we therefore need to keep it with it (for example, in case of backups or document management systems).
Technical and organisational security measures may include encryption and pseudonymisation of data, logging, access restrictions, keeping backup copies, giving instructions to our employees, entering confidentiality agreements, and monitoring. Specifically, we take appropriate organisational measures to ensure that our employees have access to your data on a need-to-know basis, to the extent necessary for the purposes described in this Privacy Notice and the activities of the employees concerned. This includes, in particular, the hiring manager and the hiring team members at Swissgrid, the employees of the human resources department and support areas, such as the administrative and IT departments. Our employees act in accordance with our instructions and are bound to confidentiality and discretion when processing your data.
We protect your data that is sent through our website in transit by appropriate encryption. However, we can only secure areas in our control. We also require our data processors to take appropriate security measures. However, security risks can never be excluded completely; residual risks are unavoidable
In particular, we may need to continue to process and keep your personal data in order to enter into and perform an employment contract with you (in such case, your data will become part of your personnel file with us), to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permitted, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we may also reject a subject request in whole or in part (for example, by redacting content that concerns third parties or our trade secrets).
Cookies are individual codes (for example, a serial number) that our server or a server of our service providers or advertising partners transmits to your system when you connect to our website, and that your system (browser, mobile phone) accepts and stores until the set expiration time. Your system transmits these codes to our server or the third-party server with each additional access. That way, you are recognised even if your identity is unknown.
Other technologies may be used to recognise you with some likelihood (i.e., distinguish you from other users), such as «fingerprinting». Fingerprinting combines your IP address, the browser you use, screen resolution, language settings and other information that your system tells each server), resulting in a more or less unique fingerprint. This makes it possible to go without cookies.
Whenever you access a server (for example, when you use our recruitment portal or related apps, or because an e-mail includes a visible or invisible image), your visits can therefore be «tracked». If we integrate offers from an advertising partner or a provider of an analysis tool on our recruitment portal, it may track you in the same way, even if you cannot be identified in a particular case.
We receive data about you when you visit the LinkedIn corporate page of Swissgrid and communicate with it through this page, when you view the job offers that Swissgrid publishes on its corporate page, when you apply directly to a job offer published by Swissgrid using the «easy apply» button and thereby provide it with the job application data (such as your name, email address, phone number and curriculum vitae), and when you share your LinkedIn profile with Swissgrid, including the job application data contained therein, by using the «apply» button provided on the LinkedIn job post. LinkedIn also collects technical data, registration data, communication data, behavioural data and preference data from you or about you, among other things (see Section 3 about these terms). In principle, LinkedIn also performs statistical analysis of the way you interact with us, how you use our LinkedIn corporate page and our content or other parts of the platform (what job post you viewed, applied to, «saved» on your user account, etc.) and combines this data with other information about you (for example, information about your age and your gender and other demographic information). That way, LinkedIn creates profiles about you and statistics on the use of our corporate page. LinkedIn uses this data and pages to display to you our or other advertisements and other personalised content on the platform and to manage the behaviour of the platform, but also for market and user research and to provide us and other parties with information about you and the use of our corporate page. We can control the analysis that LinkedIn generates regarding the use of our corporate page to some extent.