The purpose of this regulation is to protect the personality and fundamental rights of people defined in art. 3 below that are being processed.
It governs the security requirements for the collection, retention, operation, modification, communication and archiving of the personal data of REGDATA SA employees and customers, the following “REGDATA”.
This regulation applies to all personal data:
This regulation does not apply to:
Access to data: ability to access personal data, in accordance with a specific access profile or permission granted by the file master.
Archive: the time at which files containing employees’ personal data are no longer exploited, but simply kept in order to meet legal requirements.
Entitled: anyone entitled to a profile of access to personal data or authorized by the master of the file.
Data category: grouping of personal data of employees or clients, depending on their nature (identity, individual, family-related, contractual, position-related, competency-related, administrative, financial, evaluation-related, complementary, historical).
Collaborator: any person employed by any of the entities of the REGDATA group (employment contract), including trainees (internship contract), apprentices (apprenticeship contract) and Matupro students (MPC contract).
Data Protection Advisor: Person acting on behalf of REGDATA, which controls the processing of personal data, makes any necessary corrections and maintains an inventory of files managed by the file master.
Data disclosure: making personal data accessible, for example by authorizing its consultation, transmitting it or disseminating it.
Personaldata: information about an identified or identifiable person.
Physical record: personal data of the client, in the form of documents, including the resume, the contract of engagement or any internal questionnaire.
File: any set of personal data, the structure of which allows the search for data by the person concerned, in particular the physical record of a person or all the information contained in the information system specific to Human Resources.
HRD: REGDATA Human Resources Directorate.
GRH: human resources manager, in charge of employees in an industry, who can be delegated HRD functions.
Filemaster: person acting on behalf of REGDATA, validating the purpose and content of the file, as well as the rights to access the so-called file, in accordance with the LPD or equivalent laws.
Levels of data protection: categorization of personal data, based on its degree of confidentiality, i.e.:
Access profile: a profile determined in relation to the function and professional responsibilities, granting the beneficiary access to certain categories of personal data.
Data processing: any transaction related to personal data, regardless of the means and processes used, including data collection, retention, operation, modification, communication and archiving.
REGDATA collects personal information about its customers, in order to provide business line managers with the personal and statistical data of their customers, necessary to carry out their business.
The content of the information collected is limited to the customer data necessary to execute a commercial contract. Customers are required to provide all the data required for this purpose.
The data collected may take physical or electronic form.
188.8.131.52. Physical records
The physical records of clients are kept by the Management and sales managers, in a cupboard or archives whose access is reserved for employees.
184.108.40.206. Computerized data
Personal customer data collected on computer media is retained under the responsibility of the backup administrator.
220.127.116.11. Preservation time
Customers’ personal data is kept from the time registration and without any time limit, except in cases of force majeure.
18.104.22.168. Physical Records
The physical records of clients are held until 31 December of the current year plus the previous year within REGDATA, and then deposited in the archives with Secur’Archiv. Access to these archives is regulated according to these regulations and according to the processes of Secur’Archiv.
22.214.171.124. Computerized data
Computerized data is not entered into an electronic archiving system (CAS) but is retained in document management systems for customer data.
Only persons authorized by this regulation or expressly authorized by the file master can exploit the personal data of customers, for exclusively professional purposes.
Employees are required at all times:
Both employees and customers are properly informed that any misrepresentation or concealment of useful data is their responsibility.
The team leaders ensure that the employees in their charges carry out their duty of information. They also ensure that the personal data of employees and customers whose treatment is theirs is kept up-to-date.
126.96.36.199. The employee’s communication of his own personal data
Every employee is entitled to disclose his or her own personal data to third parties at his or her discretion.
However, it is bound to a strict confidentiality with regard to private data that may reveal professional information, in accordance with the content of its employment contract.
188.8.131.52. Communication within REGDATA
184.108.40.206. REGDATA external communication
Any disclosure of personal data relating to employees outside REGDATA, subject to “Public” level data, must be subject to express prior authorization from the file master, including in cases where this communication is intended for a third party bound by a mandate with REGDATA.
220.127.116.11. Authorisation of the file master and written statement
In the case of communication authorized by the master of the file, the recipient is obliged to sign a confidentiality agreement, making him in particular attentive to the criminal consequences of a violation of the duty of discretion defined by the applicable legislation.
If the recipient is bound by a mandate with REGDATA and to the extent that the terms and conditions of that mandate are sufficiently binding in terms of the duty of confidentiality, the file master may exempt him from signing such a commitment.
The contents of physical files can only be accessed by the Directorate and the authorized Human Resources staff.
Each employee has access to his physical file, at the request addressed to the HRM in charge of his line of activity.
Data protection laws, applicable in Switzerland and abroad, allowing third parties to access the data are reserved.
18.104.22.168. Customers’ access to their own data
Each client has access to their personal data processed by Finance, in accordance with their access profile on the commercial platforms (RegData Protection Suite and REGDATA SaaS) of REGDATA.
22.214.171.124. Access to “Public” and “Internal” personal data
Each REGDATA employee and client has access to the personal data of the “Public” and “Internal” levels of all REGDATA employees.
126.96.36.199. Access to “Confidential” Personal Data
Access to other personal data of employees and clients, i.e. those at “Confidential” levels, is governed by predetermined access profiles according to the needs and responsibilities specific to the professional function of their beneficiary (including the functions Direction, Finance, HR, Security, and hierarchical or functional responsibilities).
The different access profiles are subject to change, at any time, by the file master.
Each access profile gives its recipient, for each specific personal data category, one of three options:
188.8.131.52. Access to permission from the file master
Any “D” access request must be motivated and addressed to the file master, using the form made available by REGDATA.
The file master is entitled to grant or not access to the data required by the recipient of the access profile. If so, he or she has the applicant sign a confidentiality agreement. It takes all necessary and useful measures to ensure the confidentiality of the data concerned.
When REGDATA employs the services of external collaborators it complies with the provisions of this Regulation. In particular, it will make sure to limit access to the data of these employees to only those authorized.
Any employee for the benefit of an access profile or permission granted by the file master is required to ensure the protection of the data to which he accesses.
It is required to use the data strictly for the purpose assigned to it.
It is only permitted to disclose such data to third parties in accordance with the rules set out in Chapter 5.1.6. Above.
Any violation of data protection rules will involve blocking the access profile. In addition, any violator will be subject to appropriate internal sanctions, ranging from warning to dismissal. Possible criminal sanctions remain reserved.
The Customer is responsible for providing all the personal data required by REGDATA and ensuring its veracity. He is required to announce without delay any changes to his personal data.
The Customer is duly informed in the General Terms that any misrepresentation or concealment of useful data is personally responsible.
The master of the file is designated by Human Resources. In case of absence, the file master can only be validly replaced by one of the data protection advisors.
The file master’s mission is to determine the purpose, content and access to the personal data of employees processed by Human Resources.
To this end, the master of the file is entitled to:
The data protection advisor is appointed by the file master. This may be a member of its staff or a third party, with the necessary professional knowledge and not engaged in any activity incompatible with his or her advisory duties. The data protection advisor performs his function independently, without receiving instructions from the file master.
The data protection advisor’s mission is to monitor the processing of personal data carried out and, if necessary, to propose the necessary corrections.
To this end, it is entitled to:
This regulation comes into force with immediate effect. It has no retroactive effect.
It can only be changed by the file master or data protection advisor.