The ARKEFI Ltd (also «we», «us»), for the purposes of this data protection declaration to be understood as the ARKEFI Ltd., the holding company, and all its subsidiaries, collects and processes personal data that concern you but also other individuals («third parties»). We use the word «data» here interchangeably with «personal data».
«Personal data» means data relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, make it possible to draw conclusions about the identity of these individuals. «Sensitive personal data» are a subset of personal data that is specially protected under applicable data protection law. These include, for example, data revealing racial or ethnic origin, health data, religious or philosophical beliefs, biometric data for identification purposes, and information relating to trade union membership. In Section 3, you will find information about the data we process in accordance with this Privacy Notice. «Processing» means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.
In this Privacy Notice, we describe what we do with your data when you use www.arkefi.com/cms, or other websites or apps (collectively «website»), obtain services or products from us, interact with us in relation with a contract (such as admission ticket purchase, supplier contract, storage, custody etc.), visit our videos, communicate with us or otherwise deal with us. When appropriate we will provide a just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices.
If you disclose data to us or share data with us about other individuals such as family members, co-workers, etc., we assume you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.
This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR») and the Swiss Data Protection Act («DPA») and the revised Swiss Data Protection Act («revDPA»). However, the application of these laws depends on each individual case.
The ARKEFI Ltd., Zürich (the «ARKEFI») is the controller for the ARKEFI's processing under this Privacy Notice, unless we tell you otherwise in an individual case, for example in additional privacy notices, on a form or in a contract. However, unless we tell you otherwise, this Privacy Notice also applies where another group company of the ARKEFI is the controller, instead of the ARKEFI Ltd. This applies, in particular, where your data is processed by such a group company in relation with legal obligations or contracts with such a group company or where data is exchanged with such a group company.
For each processing activity there are one or several parties that are responsible for ensuring that the processing complies with data protection law. This party is called the controller. It is responsible, for example, for responding to access requests (Section 11) or for ensuring that personal data is processed securely and not used in an unlawful manner.
Additional parties may be joint controllers for the processing set out in this Privacy Notice if they participate in determining the purpose or means of the processing. All group companies may act as joint controllers. If you wish to receive information about the controllers for a specific processing activity, you are welcome to ask us as part of your access right (Section 11). We remain your primary contact, even if there are other joint controllers.
In Section 3, Section 7 and Section 12, you will find additional information about third parties with whom we work together and who are controllers for their processing. If you have any questions for these third parties or if you wish to exercise your rights, please contact them directly.
You may contact us for data protection concerns and to exercise your rights under Section 11 as follows:
ARKEFI AGWe have appointed the following position:
Data Protection Officer according to articles 37 et seq. GDPR and Representative in the EU according to article 27 GDPR:
Mr. Patrick Schweiger, MLawDepending on the reason for your relationship with us and depending on the services and products you receive from us, we process different data (including current but also previous versions where information changes over time) from different sources. Below we set out the main categories of this data:
When you use our website or other online offerings, we collect the IP address of your terminal device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. We generally keep technical data for 5 years. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your terminal device (for example as a cookie, see Section 12). Technical data as such does not permit drawing conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation with user accounts, registrations, access controls or the performance of a contract.
Technical data includes the IP address and information about the operating system of your terminal device, the date, region and time of use and the type of browser that you use to access our electronic offerings. This may help us to provide an appropriate layout of the website or, for example, to display a sub-page for your region. We know through which provider you access our offerings (and therefore also the region) because of the IP address, but usually this does not tell us who you are. However, this changes for example when you create a user account, because personal data can then be linked with technical data (for example, we can know the browser you use to access an account through our website). Examples of technical data include protocols («logs») that are created in our systems (for example the log of user logins to our website).
Certain offerings, for example competitions, and services (such as login areas of our website, newsletters, free WLAN access, etc.) can only be used with a user account or registration, which can happen directly with us or through our third-party login service providers. In this regard you must provide us with certain data, and we collect data about the use of the offering or service. If we or our contractual partners issue vouchers or invitations for events, we may require certain data when you redeem them, which we share with the issuing contractual partner (see Section 7). Registration data may be required in relation with access control to certain facilities (applications). We generally keep registration data for 5 years from the date the use of the service ceases or the user account is closed.
Registration data includes the information you provide when you create an account on our website (for example username, password, name, e-mail). However, it also includes the data that we may require from you before you can use certain free services, such as, for example, our newsletter. If you wish to register our newsletter you must register. In this case: Name, e-mail and telephone number will be requested. In relation with access controls, we may need to register you with your data (access codes in badges) (see the category «other data»).
When you are in contact with us via the contact form, by e-mail, telephone or chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we have to determine your identity, for example in relation with a request for information, a request for press access, etc., we collect data to identify you (for example a copy of an ID document). We generally keep this data for 5 years from the last exchange between us. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years. Chats are generally stored for 5 years.
Communication data is your name and contact details, the means, place and time of communication and usually also its contents (i.e. the contents of e-mails, letters, chats, etc.). This data may also include information about third parties. For identification purposes, we may also process your ID document number or a password set by you or your press pass. For secure identification, the following required information must be provided for media inquiries: Publisher, name of publication, title, first name, surname, postal address, e-mail address, (mobile) phone number, function in the company, portrait-photo, copy of press card or any similar document, which gives evidence on the journalistic work, of the reporter.
With master data we mean the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner such as an exhibitor or an event organizer (for example as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you (for example when you make a purchase or as part of a registration), from parties you work for, or from third parties such as contractual partners, associations and address brokers, and from public sources such as public registers or the internet (websites, social media, etc.). We may also process health data and information about third parties as part of master data. We may also collect master data from our shareholders and investors. We generally keep master data for 10 years from the last exchange between us but at least from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used only for marketing and advertising, the period is usually much shorter, usually no more than 5 years from the last contact.
Master data includes data such as name, address, e-mail address, telephone number and other contact details, gender, date of birth, nationality, data about related persons, websites, social media profiles, photos and videos, copies of ID cards; moreover, details of your relationship with us (customer, supplier, visitor, service recipient, etc.), details of your status, allocations, classifications and mailing lists, details of our interactions with you (if applicable, a history thereof with corresponding entries), reports (for example from the media), or official documents (for example excerpts from the commercial register, permits, etc.) that concern you. As payment information, we collect, for example, your bank details and account number. Declarations of consent and opt-out information are also part of the master data, as well as information about third parties, for example contact persons, recipients of services, advertising recipients or representatives.
In relation with contact persons and representatives of our customers, suppliers and partners, master data includes, for example, name and address, information about the role or function in the company, qualifications and (where applicable) information about superiors, co-workers and subordinates and information about interactions with these persons.
Master data is not collected comprehensively for all contacts. The data collected in an individual case depends mostly on the purpose of the processing activity.
This means data that is collected in relation with the conclusion or performance of a contract, for example information about the contracts and the services provided or to be provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback (for example complaints, feedback about satisfaction, etc.). This includes health data and information about third parties, for example about physical limitations (reliance on a wheelchair, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the performance of the contract, but also from third-party sources (for example credit information providers) and from public sources. We generally keep this data for 10 years from the last contract activity but at least from the end of the contract. This period may be longer where necessary for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.
Contract data includes information about the conclusion of the contract, about your contracts, for example, the type and date of conclusion, information from the application process (such as the application for the performance of our products or services or the registration for participation in an event) and information about the relevant contract (for example its duration) and the performance and administration of the contracts (for example information in relation with billing, customer service, technical assistance and the enforcement of contractual claims). Contract data also includes information about deficiencies, complaints and changes of a contract as well as customer satisfaction information that we may collect for example through surveys. Contract data also includes financial data, such as credit information (meaning information that allows to draw conclusions about the likelihood that receivables will be paid), information about reminders and debt collection. We receive this data partly from you (for example when you make payments), but also from credit agencies, payment providers and debt collection companies and from public sources (for example a commercial register).
Depending on our relationship with you, we try to get to know you better and to tailor our products, services and offers to you. For this purpose, we collect and process data about your behaviour and preferences. We do so by evaluating information about your behaviour in our domain, and we may also supplement this information with third-party information, including from public sources. Based on this data, we can for example determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is already known to us (for example where and when you use our services), or we collect it by recording your behaviour (for example how you navigate our website or for example by detecting your motion profile through your use of your cell phone). We anonymize or delete this data when it is no longer relevant for the purposes pursued, which may be – depending on the nature of the data – between 3 years (for motion profiles) and 5 years (for product and service preferences). This period may be longer as for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website in Section 12.
Behavioural data is information about certain actions, such as your response to electronic communications (for example if and when you have opened an e-mail) or your location, as well as your interaction with our social media profiles and your participation in sweepstakes, competitions and similar events. For example, we may collect your location data wirelessly through unique codes that your cell phone emits or when you use our website. We will use signage at the relevant locations to tell you about the collection of such anonymous motion profiles, and we will only create personalized motion profiles with your consent.
Preference data tells us what your needs are, which products or services might be of interest to you or when and how you will likely respond to messages from us. We obtain this information from the analysis of existing data, such as behavioural data, so that we can get to know you better, tailor our advice and offers more precisely to you and generally improve our offers. To improve the quality of our analyses, we may combine this data with other data that we also obtain from third parties, such as address dealers, administrative offices and publicly available sources such as the Internet, for example with information about your household size, income bracket and purchasing power, shopping behaviour, contact data of relatives, and anonymous information from statistical offices.
Behavioural and preference data may be analysed on a personally identifiable basis (for example to show you personalized advertising), but also on a non-identifiable basis (for example for market research or product development). Behavioural and preference data may also be combined with other data (for example, motion data may be used for contact tracing as part of a health protection concept).
We also collect data from you in other situations. For example, data that may relate to you (such as files, evidence, etc.) is processed in relation with administrative or judicial proceedings. We may obtain or create photos, videos and sound recordings in which you may be identifiable (for example at events, with security cameras, etc.). We may also collect data for health protection (for example as part of health protection concepts). We may obtain or create photos, videos and sound recordings in which you may be identifiable (for example at events, with security cameras, etc.). We may also collect data about who enters certain buildings, and when or who has access rights (including in relation with access controls, based on registration data or lists of visitors, etc.), who participates in events or campaigns (for example competitions) and who uses our infrastructure and systems and when. Moreover, we collect and process data about our shareholders and other investors, in addition to master data, including information for registers, in relation with the exercise of their rights and with events (for example general meetings). The retention period for this data depends on the processing purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras, to usually a few weeks in case of data for contact tracing and visitor data that is usually kept for 5 years to several years or longer for reports about events with images. Data relating to you as a shareholder or investor is kept in accordance with corporate law, but in any case for as long as you are invested.
Much of the data set out in this Section 3 is provided to us by you (for example through forms, in relation with communication with us, in relation with contracts, when you use the website, etc.). You are not obliged or required to disclose data to us unless there is an administrative order or a legal obligation to do so. If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data cannot be avoided. If you wish to gain access to certain systems or buildings, you must also provide us with registration data. However, in the case of behavioural and preference data, you generally have the option of objecting or not giving consent.
We provide certain services to you only if you provide us with registration data, because we or our contractual partners wish to know who uses our services or has accepted an invitation to an event, because it is a technical requirement or because we wish to communicate with you. If you or the person you represent wishes to enter into or perform a contract with us, we must collect master data, contract data and communication data from you, and we process technical data if you wish to use our website or other electronic offerings for this purpose. If you do not provide us with the data necessary for the conclusion and performance of the contract, you should expect that we may refuse to conclude the contract, that you may commit a breach of contract or that we will not perform the contract. Similarly, we can only submit a response to a request from you if we process communication data and – if you communicate with us online – possibly also technical data. Also, the use of our website is not possible without us receiving technical data.
As far as it is not unlawful, we also collect data from public sources (for example debt collection registers, land registers, commercial registers, the media, or the internet including social media) or receive data from other companies within our group, from public authorities and from other third parties (such as credit agencies, address brokers, associations, exhibitors and other contractual partners, internet analytics services, etc.).
The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we receive in relation with administrative and legal proceedings, information in relation with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your assistance), information about you in correspondence and meetings with third parties, credit information (where we conduct business with you in a personal capacity),information about you that persons related to you (family, advisors, legal representatives, etc.) share with us so that we can conclude or perform contracts with you or involving you (for example references, your delivery address, powers of attorney, information about compliance with legal requirements such as those relating to fraud prevention and the combating of money laundering and terrorist financing, export restrictions, information from banks, insurance companies, sales and other contractual partners of us about your use or provision of services (for example payments, purchases, etc.), information from the media and the internet about the use or provision of services by you (for example payments made, purchases made, etc.), information from the media and the internet about you (where appropriate in a specific case, for example in the context of an application, marketing/sales, press review, etc.), your address and potentially interests and other sociodemographic data (especially for marketing and research purposes) and data in relation with the use of third-party websites and online offerings where such use can be linked to you.
Last Updated: January 2025