Information security, data protection and quality policy at archivsuisse
archivsuisse is a leading quality service provider for the physical and digital archiving of files and documents and for related (consulting) services (records management, digitization, archival maintenance) throughout Switzerland. archivsuisse offers its solutions for companies, doctors, administration and private individuals.
archivsuisse is aware that its business activities take place in a sensitive area in terms of data protection law. Within the framework of its quality policy, the concerns of information security and data protection enjoy the highest priority at archivsuisse.
Information security and data protection
archivsuisse takes all necessary measures to implement the legal requirements of data protection and information security in its field of activity. Central aspects hereof are:
- archivsuisse undertakes to comply strictly with the legal, contractual and additional internal data protection provisions as well as any other special legal provisions.
- archivsuisse is aware that, as an outsourcing partner (“processor” according to the Swiss Federal Act on Data Protection (DSG)), it may only process the data of its customers (“contollers” according to DSG) for the contractually agreed purposes. By "processing" archivsuisse mainly understands the retention, archiving, release to authorised persons and destruction of the data – as well as taking minutes of these process steps.
- In all its phases data processing occurs in a secure and supervised environment; archivsuisse takes the appropriate technical and organisational measures for this purpose.
- The effectiveness of the measures taken by archivsuisse relating to information security and data protection are continuously reviewed and appropriate corrective measures are taken where necessary. archivsuisse is committed to the continuous development of its own information security and data protection management system. External certification and penetration audits monitor these efforts.
- archivsuisse ensures that the legal rights such as the right to information or the right to rectification can be exercised by the natural or legal persons concerned. However, in the case of data that archivsuisse processes on behalf of a customer, this can only be done in consultation with the latter. Requests for information or correction of data should be addressed to the responsible person, or to:
- archivsuisse itself does not obtain or process any personal data (except for employee files and customer contact data), nor does it evaluate such data via its own website. There is no exchange of such data with third parties (i.e. via plug-ins, cookies, etc.).
- archivsuisse is certified in quality management (ISO 9001) and data protection (GoodPriv@cy, additionally for the Berne location: VDSZ data protection management system). archivsuisse (Zurich location only) undertakes to comply with the FINMA directives (special FINMA circular 2008/7) and to periodical auditions by a FINMA-certified auditor.