Privacy Policy

Below, you will find the privacy policy for the website houseofmanus.ch.

House of Manus AG expressly ensures compliance with Swiss data protection regulations. House of Manus AG is committed to ensuring the security of its systems, programs, and other resources under its ownership and influence, in accordance with the latest technological standards. House of Manus AG protects the website and associated systems with appropriate technical and organizational measures against loss, destruction, unauthorized access, modification, or dissemination of your data by unauthorized individuals.

House of Manus AG is committed to not sharing user data with third parties unrelated to the fulfillment of contractual obligations. However, House of Manus AG may disclose personal data to authorities in Switzerland or abroad as part of civil, administrative, or criminal proceedings, provided there is a legally binding and enforceable judgment, order, or legal obligation. System activities and traffic-related data are logged by House of Manus AG or third-party providers and retained to the extent and for the duration required by law.

Responsible for Data Processing

House of Manus AG

Sennweidstrasse 35

CH-6312 Steinhausen

workshop@houseofmanus.ch

+41 41 748 44 00

Data Protection Officer

Brand Leadership Management AG

Sascha Salis

Sennweidstrasse 35

CH-6312 Steinhausen

protection@brandleadership.ch

Assertion of Rights

To assert your rights under data protection laws or if you have any questions regarding the use, collection, or processing of your personal data, please contact: datenschutz@brandleadership.ch

Security and Protection of Your Personal Data

We consider it our top priority to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access.

As a private company, we are subject to the provisions of the Swiss Data Protection Act (DSG). We have implemented technical and organizational measures to ensure that data protection regulations are adhered to by both us and our external service providers.

Definitions

The legislator requires that personal data be processed in good faith and in a proportionate manner. To ensure this, we inform you about the specific legal definitions that are also used in this privacy policy:

  1. Personal data must be processed lawfully.
    The processing must be carried out in good faith and be proportionate.

  2. Personal data may only be collected for a specific and identifiable purpose; it may only be processed in a manner compatible with that purpose.

  3. It must be destroyed or anonymized as soon as it is no longer required for the purpose of processing.

  4. Anyone processing personal data must ensure its accuracy. They must take all reasonable measures to correct, delete, or destroy data that is inaccurate or incomplete in relation to the purpose for which it was collected or processed.

  5. The appropriateness of the measures depends, in particular, on the nature and scope of the processing, as well as the risk that the processing poses to the personality or fundamental rights of the data subjects.

  6. If the consent of the data subject is required, this consent is only valid if it is given voluntarily for one or more specific processing activities after appropriate information has been provided.

  7. Consent must be explicit for: the processing of particularly sensitive personal data; high-risk profiling by a private individual; profiling by a federal authority.

Information on the Collection of Personal Data

Below, we provide information on the collection of personal data when using our website. Personal data includes, for example, name, address, email addresses, and user behavior.

When using the website for informational purposes only, meaning if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display the website and ensure its stability and security:

  • IP address

  • Date and time of the request

  • Time zone difference from Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • Amount of data transferred

  • Website from which the request originates

  • Browser

  • Operating system and its interface

  • Language and version of the browser software

After technical evaluation, this data is promptly deleted. The collection of this data serves the purpose of ensuring a proper display of our website offerings, as well as for security and confidentiality purposes.

Cookie Consent Tool

We use the Cookie Consent tool Cookiebot to obtain valid user consent for cookies and cookie-based applications that require consent. By integrating this consent tool, users are shown a banner when accessing the site, in which they can provide consent for specific cookies and/or cookie-based applications by ticking a box. The tool blocks the setting of all cookies that require consent until the user provides the appropriate consent by ticking the box. This ensures that such cookies are only placed on your device if you have given your consent. In order for the Cookie Consent tool to clearly associate page views with individual users, and to record, log, and store the consent settings made by you for the duration of the session, certain user information (including the IP address) is collected when our website is accessed. This information is transmitted to the server of the provider of the Cookie Consent tool and stored there. This data sharing is carried out in accordance with Art. 45c lit. b of the Swiss Telecommunications Act (FMG). As the data controller, we are legally obligated to make the use of technically unnecessary cookies dependent on user consent.

By using our website, access to information (e.g., IP address) or the storage of information (e.g., cookies) on your devices may occur. This access or storage may be associated with further processing of personal data in accordance with the Data Protection Act (DSG).

Use of Cookies

In addition to the previously mentioned data, cookies or similar technologies such as pixels (hereinafter referred to as "cookies") are used on your device when you use and visit our website. Cookies are either small databases stored by your browser on your device to store specific information or image files such as pixels. When you visit our website again with the same device, the information stored in the cookies is either sent back to our website ("First Party Cookie") or to another website to which the cookie belongs ("Third Party Cookie").

The website recognizes, through the stored and sent-back information, that you have already visited it using your device's browser. We use this information to optimize and display the website according to your preferences. Only the cookie itself is identified on your device. Personal data will only be stored beyond this if you give explicit consent or if it is strictly necessary to use the service offered and accessed by you.

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Essential Cookies (Type a)

  • Functional and Performance Cookies (Type b)

  • Consent-Required Cookies (Type c)

Essential Cookies (Type a)

Essential cookies ensure the functions without which you cannot use our website as intended. These cookies are used exclusively by us and are therefore first-party cookies. This means that all information stored in the cookies is sent back to our website. Essential cookies, for example, allow you to stay logged in when accessing various subpages of our website, so you don't have to re-enter your login credentials every time you visit a new page. The use of essential cookies on our website is possible without your consent. Therefore, essential cookies cannot be individually enabled or disabled. However, you always have the option to disable cookies in your browser settings (see below).

Functional and Performance Cookies (Type b)

Functional cookies allow our website to store information you have already provided (such as registered name or language selection) and offer you improved and more personalized features based on that information. These cookies collect and store only anonymized information, so they cannot track your movements on other websites. Performance cookies collect information about how our websites are used to improve their attractiveness, content, and functionality. These cookies help us determine, for example, which subpages of our website are visited and which content is of particular interest to users. Specifically, we collect information on the number of visits to a page, the number of subpages accessed, the time spent on our website, the order of visited pages, the search terms that led you to us, the country, region, and possibly the city from which the access occurred, as well as the percentage of mobile devices accessing our websites. Additionally, we track movements, clicks, and scrolling with the mouse to understand which areas of our website are of particular interest to users. As a result, we can better tailor the content of our website to the needs of our users and optimize our offerings. The IP address of your computer transmitted for technical reasons is automatically anonymized and does not allow us to identify individual users.
You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

Consent-Required Cookies (Type c)

Cookies that are neither essential (Type a) nor functional or performance cookies (Type b) are only used after your consent. We reserve the right to use information obtained through anonymized analysis of the user behavior of visitors to our website via cookies, to display targeted advertising for certain of our products on our own websites. We believe that you as a user will benefit from this because we will display advertisements or content that we assume match your interests based on your browsing behavior, and you will be shown less randomly placed advertisements or certain content that might be of less interest to you. Marketing cookies come from external advertising companies (third-party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.

The processing of cookies is based on Article 45c lit. b of the Swiss Telecommunications Act (FMG).

Opt-out for Marketing Cookies

You can also manage cookies used for online advertising through tools developed under self-regulation programs in many countries, such as the U.S.-based https://www.aboutads.info/choices or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.

Management and Deletion of All Cookies

We would like to inform you that you can configure your internet browser to prevent cookies from being stored on your device in general, or you can be asked each time whether you agree to the use of cookies. Cookies that have already been set can also be deleted at any time. For detailed instructions on how to do this, please refer to the help function of your browser.

The cookies and third-party requests described above are set by the following services through our website on your device:

Google Analytics 4 (GA4)

This website uses Google Analytics 4, a service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables the analysis of website usage.

When using Google Analytics 4, so-called "cookies" are used. Cookies are databases stored on your device that allow for the analysis of your website usage. The information collected by cookies about your website usage (including the truncated IP address transmitted by your device, see below) is typically sent to a Google server where it is stored and processed. This may also involve the transmission of information to Google LLC's servers based in the USA for further processing. GA4 also offers server-side tracking, which allows us to pseudonymize user data on our own server before transmitting it to Google.

When using Google Analytics 4, the IP address transmitted by your device is automatically collected and processed in a pseudonymized manner, meaning that a direct personal connection to the collected data is excluded. If we do not perform server-side pseudonymization, automatic pseudonymization occurs as the IP address transmitted by your device is shortened by Google within Switzerland, EU member states, or other signatories of the European Economic Area (EEA) agreement.

Google uses this information, on our behalf, to evaluate your use of the website, compile reports about your website activities or usage behavior, and provide additional services related to your website usage and internet use. The truncated IP address transmitted from your device within Google Analytics 4 is not merged with other data from Google. Data collected through the use of Google Analytics 4 is stored for two months and then deleted.

Google Analytics 4 allows us to recognize the so-called "demographic features" of a user through browser fingerprints. This enables us to analyze cross-device information about the age, gender, and interests of website users based on interest-based advertising and third-party information. This helps us define and differentiate target groups for optimized marketing measures. However, the data collected through the "demographic features" cannot be attributed to any specific individual. Data collected via the "demographic features" function is retained for two months and then deleted.

All the aforementioned processing activities, particularly setting Google Analytics cookies for storing and reading information on your device used for website access, only occur if you have configured your browser to accept cookies. Otherwise, Google Analytics 4 will not be used during your visit to the website.

We have signed a data processing agreement with Google for our use of Google Analytics 4, which obligates Google to protect the data of our website users and not to share it with third parties.

The provider has signed the standard contractual clauses recognized by the Federal Data Protection and Information Commissioner (EDÖB) for the prevailing EU data protection regulations (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors). For further legal information on Google Analytics 4, please visit https://policies.google.com/privacy and https://policies.google.com/technologies/partner-sites.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The Google Tag Management solution offers the option to manage website tags for marketing purposes through an intuitive user interface. The Tag Manager is solely responsible for monitoring the triggering of tags. Relevant privacy policy statements for these specific third parties are available. However, this information is not used by the Google Tag Manager platform. If you have set up cookie deactivation or other adjustments, these settings will be respected for all tracking tags implemented using the Google Tag Manager, without the tool making any changes to your cookie settings.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

Google Marketing Platform (formerly DoubleClick)

On our website, we use the online marketing tool Google Marketing Platform from Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4.

We use the tool for marketing and optimization purposes to display relevant and interesting ads to you and to improve our own marketing.

The Campaign Manager uses cookies that are locally stored by your web browser on your device. Using a cookie ID, Google tracks which ads are displayed in which web browser. This prevents ads from being shown multiple times. The Campaign Manager can also track "conversions" related to ad impressions, such as when an ad is shown and you visit the advertiser's website in the same browser.

Due to the technology used, your browser automatically establishes a direct connection with Google's server. We have no control over the extent and further use of the data collected by Google using this tool, and therefore inform you to the best of our knowledge: Through the inclusion of the Campaign Manager, Google receives the information that you visited the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that Google will learn and store your IP address.

The provider has signed the standard contractual clauses recognized by the Federal Data Protection and Information Commissioner (EDÖB) for the prevailing EU data protection regulations (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors). For more information on data usage by Google, settings and objection options, as well as data protection, you can refer to the following Google webpage: https://policies.google.com/privacy?hl=en&gl=en.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

LinkedIn Insight Tag (Pixel)

On this page, we use the LinkedIn Insight Tag (Pixel). The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Through the LinkedIn Insight Tag, we receive information about the visitors to our site. If a user is registered with LinkedIn, we can analyze professional data (such as career level, company size, country, location, industry, and job title) of our page visitors to better tailor the site to relevant target groups. Additionally, the LinkedIn Insight Tag allows us to measure visitors' activities on our website (conversion tracking). This conversion tracking can also occur across multiple devices used by the same user. The LinkedIn Insight Tag also provides retargeting functionality, allowing us to display targeted ads outside the website, with LinkedIn stating that no identification of the targeted advertising recipient occurs.

We are jointly responsible for operating the site with LinkedIn and thus have "joint responsibility" towards the user. We have entered into an agreement with LinkedIn according to Article 33 of the GDPR.

LinkedIn also collects log files, which include URL, referrer URL, IP address, device and browser properties, and access time. IP addresses are truncated or pseudonymized (if used for cross-device access to LinkedIn members). LinkedIn deletes the IP addresses of LinkedIn members after seven days. The pseudonymized data collected in this way is deleted by LinkedIn within 180 days.

As a website operator, it is not possible for us to attribute the data collected in this way to specific individuals. LinkedIn also uses the data collected for its own advertising purposes, and it is likely that the data is stored on servers in the USA.

For details, refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.

To prevent LinkedIn from analyzing your usage behavior and to opt out of targeted advertising, you can do so via the following link: https://www.linkedin.com/psettings/guest-controls.

Additionally, LinkedIn members can control the use of their personal information for advertising purposes in their account settings. To avoid linking the data collected from our website with your LinkedIn account, we recommend logging out of your LinkedIn account before visiting our site.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

Adobe Typekit

This page uses Web Fonts, provided by Adobe's Typekit program, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland, for the uniform display of fonts. When you visit a page, your browser loads the necessary web fonts into your browser cache to correctly display texts and fonts.

To do this, the browser you are using must connect to Adobe Typekit's servers. This allows Adobe Typekit to know that our website was accessed via your IP address. The use of Adobe Typekit Web Fonts is in the interest of a uniform and attractive presentation of our online offerings.

It may be that in this context, user data is processed on systems outside of Switzerland. Data transmissions abroad may be based on Article 17 of the Data Protection Act.

If your browser does not support web fonts, a standard font from your computer is used. More information on Adobe Typekit Web Fonts can be found at https://typekit.com/ and in Adobe Typekit's privacy notice at https://www.adobe.com/de/privacy/policies/typekit.html.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

Vimeo

The provider for video hosting on Vimeo is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. This establishes a connection to Vimeo's servers. Vimeo is informed about which of our pages you have visited. Vimeo also gains access to your IP address, even if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo's servers in the USA. If you are logged into your Vimeo account, Vimeo can link your browsing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.

It may be that in this context, user data is processed on systems outside of Switzerland. Data transmissions abroad may be based on Article 17 of the Data Protection Act.

For more information on Vimeo's handling of user data, refer to Vimeo's privacy notice at https://vimeo.com/features/video-privacy.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

Hotjar

On this website, after consent, we use the Hotjar analytics software. The provider is Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta.

By using Hotjar, we are able to analyze user behavior on the website in more detail and further optimize it. The information collected (mouse movements, clicks, scroll behavior) is transmitted anonymously to Hotjar. Information entered on our website is anonymized before being sent to Hotjar. Hotjar generates reports from this data, which are made available to us for analysis. To analyze user behavior across pages, Hotjar stores cookies on the user's device.

We would like to inform you that you can refuse cookies. You can disable them at any time in your web browser.

For more information on data protection, please visit https://www.hotjar.com/legal/policies/privacy.

The following social networks are integrated on our website:

YouTube

We have integrated videos from the provider YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. We have no influence on this data transmission. The processing serves marketing purposes. Should we integrate videos into our website, we will implement this with the so-called two-click solution, so that the data (IP address) is only sent to Google once the element is active.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether YouTube provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data will be directly attributed to your account. If you do not wish for this attribution with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising purposes, market research, and/or needs-based design of the website. Such evaluations continue (even for non-logged-in users) to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, which you must exercise by addressing YouTube.

It may be that in this context data from users is processed on systems outside Switzerland. Data transfers abroad can be based on Art. 17 DSG. Further information on the purpose and scope of data collection and processing by YouTube can be found in YouTube's privacy policy. There you will also find more information about your rights and options for protecting your privacy: https://policies.google.com/privacy.

We would like to point out that you can refuse cookies, which you can disable anytime in your web browser. Additionally, Google offers several options for objecting to the collection of personal data by Google: https://policies.google.com/privacy#infochoices

Instagram

We maintain a page on the Instagram platform, which can be accessed via a link on our website. The platform is provided by Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland.

We would like to point out that you use this Instagram page and its functions at your own responsibility. This applies especially to the use of interactive functions (e.g., commenting or rating).
When visiting our Instagram page, Instagram collects, among other things, your IP address and other information stored in cookies on your computer. This information is used to provide us, as the operators of the Instagram pages, with statistical information about the use of the Instagram page. The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside Switzerland and the European Union. The provider Meta Platforms describes in general terms how Instagram collects and uses this information in its privacy policy. There you will also find information about contact options for Instagram as well as options for ad settings.
The way Instagram uses data from visits to Instagram pages for its own purposes, how activities on the Instagram page are attributed to individual users, how long Instagram stores this data, and whether data from a visit to Instagram pages is shared with third parties is not conclusively and clearly stated by Instagram and is not known to us.

When accessing an Instagram page, the IP address assigned to your device is sent to Instagram. According to Instagram, this IP address is anonymized and deleted after 90 days. Instagram also stores information about the devices of its users (e.g., as part of the "Login Notification" function); it may therefore be possible for Instagram to attribute IP addresses to individual users.
If you are currently logged into Instagram, a cookie containing your Instagram ID is on your device. This enables Instagram to track that you visited the page and how you used it. This applies to all other Instagram pages as well.

Instagram’s privacy policy is available at the following link: https://help.instagram.com/519522125107875.

Request for Quotation

If you would like to make an inquiry via our website, it is necessary to provide your personal data, which we require to process your request and facilitate the conclusion of the contract. The requested information is mandatory for processing the contract initiation. We will process the data you provide to handle your request.

If no contract is concluded, the personal data from your inquiry will be deleted within 90 days after notification of the non-conclusion of the contract.

The basis for this data processing is your consent.

Contact

When you contact us via email or through our contact form, the data you provide (such as your email address, and possibly your name and phone number) will be stored by us in order to respond to your inquiries. We will delete the data related to this process once storage is no longer necessary, for example, when your request has been resolved. If legal retention requirements exist, the processing will be restricted accordingly. In the case of a contractual relationship arising from the contact, we will process the data as outlined above. The legal basis for this data processing is your consent.

Duration of Processing

We process your data only as long as necessary to fulfill our contract, comply with applicable legal regulations, and maintain our relationship with you. We will inform you about the specific retention period of your data within the description of the respective data processing. If no specific retention period is indicated there, it means we are unable to specify one, as it depends on various individual factors (e.g., contract duration, assertion of claims, etc.). In such cases, we follow the principles of data minimization and proportionality when determining the retention period.

Business documents are stored in accordance with the requirements of the Commercial Code and the Fiscal Code for up to 6 and 10 years, respectively. As long as you do not object or revoke your consent, we will use your data to maintain and enhance our trustworthy business relationship for mutual benefit. If you wish to have your data deleted, we will promptly delete it, unless there are legal retention obligations preventing the deletion.

Rights of the Data Subject

Right to Information

  1. If personal data is processed, you can request information at any time about this data and the following details.

  2. You will receive the information necessary to exercise your rights and ensure transparent data processing. In all cases, we will provide you with the following information: information about us as the data controller; the categories of personal data that we process; the purpose for which your data is being processed; the retention period of the personal data or, if this is not possible, the criteria for determining that period; available details about the source of your personal data, if the data was not collected directly from you as the data subject; if applicable, the existence of automated individual decision-making, including the logic involved in such decisions; if applicable, the recipients or categories of recipients to whom personal data is disclosed, as well as the information referred to in Article 19, Paragraph 4 of the Data Protection Act.

  3. Health-related personal data can be shared with your consent through a healthcare professional designated by you.

  4. If we, as the data controller, process personal data through a data processor, we are required to provide information about this upon your request.

  5. As the data controller, we must provide this information free of charge. The Federal Council may provide exceptions, particularly when the effort is disproportionate.

  6. The information will generally be provided within 30 days.

Right to Data Release or Transfer

  1. As a data subject, you can request that we, as the data controller, release your personal data that has been communicated to you in a commonly used electronic format, if the processing is carried out using automated means; and the data is processed with the consent of the data subject or in direct connection with the conclusion or performance of a contract between the data controller and the data subject.

  2. As a data subject, you can also request that we, as the data controller, transfer your personal data to another data controller, provided that the conditions in the first paragraph are met, it is technically feasible, and it does not require disproportionate effort.

  3. We, as the data controller, must release or transfer the personal data free of charge. The Federal Council may provide exceptions, particularly if the effort is disproportionate.

Restrictions on the Right to Data Release or Transfer

  1. We, as the data controller, may refuse, limit, or delay the release or transfer of personal data for the reasons listed in Article 26, Paragraphs 1 and 2 of the Data Protection Act.

Privacy Notice for Applicants

We are pleased that you are interested in us and have applied or are applying for a position within our company. We would like to provide you with information regarding the processing of your personal data in relation to your application.

Which data of yours do we process? And for what purposes?

We process the data you have sent us in connection with your application to assess your suitability for the position (or potentially other open positions within our company) and to conduct the application process.

On what legal basis is this processing carried out?

The processing of the data is permitted as it is necessary for the decision-making process related to the establishment of an employment relationship.

How long is the data stored?

In the case of a rejection, applicant data will be deleted after 6 months. If you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted from the pool after two years.

If you are selected for a position during the application process, the data from the applicant database will be transferred to our personnel information system.

To which recipients will the data be disclosed?

Once your application is received, your applicant data will be reviewed by the HR department. Suitable applications will then be forwarded internally to the department heads responsible for the open position. The further process will be coordinated thereafter. Within the company, only those individuals who require access to your data for the proper functioning of our application process will have access.

Where is the data processed?

The data is processed exclusively in data centers located in Switzerland.

Minors

Our services are generally intended for adults. Individuals under 18 years of age should not submit personal data to us without the consent of their parents or legal guardians.

Legal Validity

If parts or individual provisions of this text do not, no longer, or not fully comply with the applicable legal situation, the remaining parts of the document will remain unaffected in their content and validity.

General Policy on Information Security

Protecting the company's information and IT assets (including but not limited to all computers, mobile devices, network equipment, software, and sensitive data) from all internal, external, intentional, or accidental threats. Minimizing the risks associated with theft, loss, misuse, damage, or abuse of these systems.

Ensuring that information is protected from unauthorized access. Users are only allowed to access resources to which they have been explicitly authorized. The assignment of rights must be strictly controlled and regularly reviewed.

Protecting the confidentiality of information. When we talk about confidentiality, we refer to protecting the information from disclosure to unauthorized parties.

Ensuring the integrity of information. The integrity of information refers to protecting information from unauthorized modifications.

Ensuring the availability of information for business processes. The availability of information means ensuring that authorized parties can access the information when needed.

Compliance with and, where possible, exceeding national legal and regulatory requirements, standards, and best practices.

Development, maintenance, and testing of business continuity plans to ensure that we stay on course despite any obstacles. It’s about "staying calm and moving forward!"

Raising awareness of information security by providing information security training to all employees. Security awareness and targeted training should be conducted consistently, security responsibilities should be reflected in job descriptions, and compliance with security requirements should be expected and accepted as part of our culture.

Ensuring that no action is taken against an employee who discloses an information security issue through reports or direct contact with the information security manager, unless such disclosure clearly indicates an illegal act, gross negligence, or repeated intentional or willful disregard of regulations or procedures.

Report any actual or suspected information security breaches to security@brandleadership.ch or use the form linked in POL-17 Incident Management, Appendix A.