1. EN
  2. FR
  3. DE

WE BRING VALUE TO YOUR IDEAS

  1. Privacy Statement

1. What is included in this Privacy Statement

André Roland SA (hereinafter also “we”, “our”, and the “Company”) collects and processes personal data about you and other persons (“third parties”). Here we use the term “data” interchangeably with “personal data”.

In this Privacy Statement, we describe what we do with your data when you use our website www.andreroland.com (“website”), when you purchase our services, when you contact us in connection with a contract, and when you communicate or otherwise deal with us. If necessary, we will inform you, by means of a separate statement, of any processing activity not covered by this Privacy Statement. We may also inform you separately about the processing of your data, for example in consent forms, general terms and conditions, additional statements, forms and other notices.

If you provide us with data or share data with us about other people, such as family members, co-workers, etc., we assume that you are authorised to do so and that the data concerned is accurate. You confirm the above when you share data about other people with us. Please ensure that the people concerned have been informed of this Privacy Statement.

This Privacy Statement is aligned with the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). However, the practical application of these laws depends on the particular case.

The French version of this Privacy Statement shall prevail in case of discrepancies with other language versions.

2. Who is responsible for processing your data?

André Roland SA, Avenue Collonges 21, 1004 Lausanne, Switzerland, is the data controller under this Privacy Statement, unless we tell you otherwise in a particular case, for example in additional privacy statements, in a form or in a contract.

You may contact us regarding data protection issues and to exercise your rights under section 11 as follows:

      André Roland SA
      Avenue Collonges 21
      1004 Lausanne
      contact@andreroland.com

3. What data do we process?

We process different categories of data about you. The main categories are:

  • Technical data: When you use our website or other online services (e.g. free Wi-Fi), we collect the IP address of the device (terminal) you are using and other technical data in order to ensure that these services are secure and function correctly. This data includes records of use of our systems. We usually retain technical data for 12 months. In order to guarantee that these services function correctly, we may also assign you an individual code or assign a code to your device (e.g. in the form of a cookie, see section 12). Technical data as such does not allow conclusions to be drawn about your identity. However, technical data may be linked to other categories of data (and potentially to your person) in the context of user accounts, records, access controls or the performance of a contract.

  • Registration data: Some offers and services (e.g. sending newsletters, free WLAN access, etc.) can only be used with a user account or after registration, which can be done directly with us or through our third-party connection service providers. In this context, you must provide us with certain data and we collect data about the use of the offer or service. Controlled access to some facilities may require registration data and, depending on the control system, biometric data. We generally retain registration data for 12 months from the end of use of the service or the closure of the user account.

  • Communication data: When you are in contact with us via the contact form, by email, by telephone or chat, by post or any other means of communication, we collect the data that you exchange with us, including your contact details and the metadata of the communication. If we record or listen to telephone conversations or video conferences, for example for training, minute-taking and quality assurance purposes, we will inform you specifically. These recordings may only be made and used in accordance with our internal policies. You will be informed if and when such recordings take place, for example via a message during the video conference in question. If you do not wish to be recorded, please let us know or leave the (video) conference. If you simply do not want your image to be recorded, please turn off your camera. If we need to determine your identity, for example in connection with an information request, we collect personally identifiable data (for example, a copy of an ID document). We generally retain this data for 12 months from our last interaction with you. This period may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. Emails in the personal inbox and written correspondence are usually kept for at least 10 years. Recordings of (video) conferences are usually kept for 24 months. Chats are usually kept for two years. These periods may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons.

  • Baseline data: 'Baseline data' means the baseline data that we need, in addition to contractual data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as your name and contact details, as well as information regarding, for example, your role and function, bank details, date of birth, customer history, powers of attorney, signing authorisations and declarations of consent. We process your baseline data if you are a customer, supplier or other business contact or if you work for one of these (e.g. as the contact person of a business partner). We receive baseline data from you (e.g. when you use our services or during a registration process), from persons for whom you work or from third parties such as contractual partners, associations and brokers, as well as from public sources such as public registers or the internet (websites, social media, etc.). In the context of baseline data, we may also potentially process health data and information about third parties. We generally retain baseline data for 10 years from our last exchange with you or the end of the contract. This period may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used solely for marketing and advertising purposes, the retention period is, in principle, much shorter, usually no more than two years from the last contact. This period may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons.

  • Contractual data: This includes data collected in connection with the conclusion or performance of a contract, for example information about contracts and services provided or to be provided, as well as data relating to the period preceding the conclusion of a contract, information required or used for the performance of a contract, and customer comments (for example, complaints, customer satisfaction data, etc.). This may include health data and information about third parties. We generally collect this data from you, contractual partners and third parties involved in the performance of the contract, but also from third-party sources (e.g. credit information providers) and public sources. We generally retain this data for 10 years from the last contractual activity or the end of the contract. This period may be longer when necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons.

  • Behavioural and preference data: Depending on the relationship we have with you, we try to get to know you better and adapt our services and offers to your needs. For this purpose, we collect and process data about your behaviour and preferences. We do this by evaluating information about your behaviour in our field, and we may also supplement it with information from third parties, including public sources. Based on this data, we can, for example, determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is either already known to us (for example, where and when you use our services) or we collect it by recording your behaviour (for example, how you browse our website). We anonymise or erase this data when it is no longer relevant for the purposes pursued, i.e. – depending on the type of data – between a few weeks and 24 months (for service preferences). This period may be longer when necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how online tracking works on our website in section 12.

  • Other data: We also collect data about you in other situations. For example, we process data that may concern you (such as files, evidence, etc.) in the context of administrative or judicial proceedings. We may obtain or create photos, videos and sound recordings in which you may be identifiable (e.g. at events with security cameras, etc.). We may also collect data about who enters certain buildings and when, or who has access rights (including through access controls, or based on registration data or visitor lists, etc.), who participates in events or campaigns, and who uses our facilities and systems and when. The retention period for this data depends on the purpose of the processing and is limited to what is necessary. It ranges from days for data from most security cameras, to weeks for contact and visitor tracking data, which is typically retained for three months, to several years or more for event reports containing images.

Most of the data mentioned in this section 3 is provided to us directly by you (through forms, when you communicate with us, in the context of concluding a contract, when you use the website, etc.). You are not obliged or required to provide us with data, except in certain cases, for example in the context of mandatory health protection concepts (statutory obligations). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, including baseline data, contractual data and registration data, as part of your contractual obligations under the relevant contract. Furthermore, it is not possible to avoid the processing of technical data when using our website. If you wish to have access to certain systems or buildings, you must also provide us with registration data. However, in the case of behavioural and preference data, you usually have the option to object or not to give your consent.

Provided it is not illegal, we also collect data from public sources (e.g. debt collection registers, land registers, business registers, the media or the internet, including social media) or receive data from public authorities and other third parties (such as credit agencies, address brokers, associations, contractual partners, web analytics services, etc.).

4. For what purposes do we process your data?

We process your data for the purposes set out below. You will find more information in 12 and 13 for online services. These purposes and their objectives serve our interests and, potentially, those of third parties. You can find more information on the legal basis of our processing in section 5.

We process your data for the purposes of communicating with you, in particular to respond to your requests and for you to exercise your rights (section 11), and to allow us to contact you if we have any questions. For this purpose, we use mainly communication data and baseline data, as well as registration data in connection with the offers and services you use. We retain this data to document our communication with you, for training and quality assurance purposes, and to respond to requests.

We process the data within the framework of pre-contractual measures and for the conclusion, administration and performance of contractual relationships.

We also process the data for marketing and relationship management purposes, for example to send our customers and other contractual partners personalised advertisements for services offered by us or by third parties (e.g. advertising partners). This can occur in the form of newsletters and other regular contacts (electronic, email or telephone), through other channels for which we have your contact details, but also as part of marketing campaigns (e.g. events) and may also include free services (e.g. invitations), for example. You can object to such contacts at any time (see the end of this section 4) or refuse or withdraw your consent to us contacting you for marketing purposes. With your consent, we may target our online advertising on the internet more specifically to you (see section 12). Finally, we also wish to allow our contractual partners to contact our customers and other contractual partners for marketing purposes (see section 7).

We also process your data for market research purposes, to improve our services and business activities and to develop services.

We may also process your data for security and access control purposes.

We process personal data to comply with laws, directives and recommendations by the authorities and internal regulations (“Compliance with legal requirements”).

We also process data as part of our risk management and corporate governance, including business organisation and development.

We process data if you apply for a job with us.

We may process your data for other purposes, for example as part of our internal processes and administration or for quality assurance and training purposes.

5. On what basis do we process your data?

When we ask for your consent for certain processing activities (e.g. for the processing of sensitive personal data, for marketing activities, and for advertising management and analysis of behaviours on the website), we will inform you separately of the processing purposes concerned. You may withdraw your consent at any time with effect in the future by sending us a written notification (by post) or, unless otherwise indicated or agreed, by sending us an email; you will find our contact details at 2. To withdraw your consent to online tracking, see section 12. If you have a user account, you can also withdraw your consent or contact us via the service in question. As soon as we have received notification of withdrawal of consent, we will no longer process your information for the purpose(s) to which you have consented, unless we have another legal basis for doing so. However, withdrawal of consent does not affect the legality of processing based on consent prior to withdrawal.

Where we do not request consent for processing, the processing of your personal data is based on the necessity of processing to initiate or perform a contract with you (or the entity you represent) or on the basis of our legitimate interest or that of a third party to the processing in question, in particular in pursuing the purposes and purposes set out in section 4 and in implementing measures relating thereto. Our legitimate interests also include compliance with statutory regulations, to the extent that this is not already recognised as a legal basis by the applicable data protection legislation. It also includes marketing our services, understanding our markets and managing and developing our business, including its operations, safely and efficiently.

When we receive sensitive personal data (for example, data relating to health, data that reveal political opinions, religious or philosophical beliefs, or biometric data for the purpose of uniquely identifying a natural person), we may process your data on the basis of other legal bases; for example, in the event of a dispute, for the purposes of potential litigation or for the execution or defence of legal claims. In some cases, other legal bases may apply and, where appropriate, we will inform you separately.

6. What are the rules applicable to automated profiling and individual decisions?

We may automatically evaluate personal aspects about you (“profiling”) based on your data (section 3) for the purposes set out in section 4, when we wish to establish preference data, as well as to detect abuse and security risks, to perform statistical analyses and for business planning. We may also create profiles for these purposes, which means that we may combine behavioural and preference data, as well as baseline data, contractual data and technical data about you in order to better understand you as an individual, with your different interests and other characteristics.

In both cases, we ensure the proportionality and reliability of the results and take action against the misuse of these profiles or profiling. If these automated individual decisions may have legal consequences for you or otherwise affect you in a significant way, we ensure, in principle, that the decision is controlled by a human being.

The company does not make automated decisions.

7. Who do we share your data with?

We may, in connection with our contracts, the website, our services, our statutory obligations, the protection of our legitimate interests, and the other purposes set out in section 4, disclose your personal data to third parties, including the following categories of recipients:

  • Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us or who receive data about you from us as independent controllers (for example, IT service providers - Tebicom Company, rte du Petit-Moncor 1A, CH-1752 Villars-sur-Glâne, transport companies, advertising service providers, cleaning companies, security companies, banks, insurance companies, debt verification agencies, credit information agencies or address verification providers). This may exceptionally include health data. For service providers used for the website, see section 12.

  • Contractual partners, including customers: These are customers (e.g. service recipients) and our other contractual partners, insofar as the disclosure of data stems from these contracts. They may, for example, receive registration data in connection with invitations, etc. If you work for one of these contractual partners, we may also provide them with data about you. This may include health data. These recipients also include contractual partners with whom we cooperate or who advertise on our behalf and to whom we may therefore communicate data about you for analysis and marketing purposes (again, these may be service recipients, but also online advertising providers). We ask these partners to send you or display advertisements based on your data only with your consent (for online advertising, see section 12).

  • Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it seems necessary to protect our interests. This may exceptionally include health data. These authorities act as independent controllers.

  • Other parties: These are other cases where interactions with third parties are in line with the purposes set out in section 4, for example, service recipients, the media and associations in which we participate, or if you are featured in one of our publications.

All these categories of recipient may involve third parties, so your data may also be disclosed to them. We may restrict processing by certain third parties (e.g. IT providers), but not by others (e.g. authorities, banks, etc.).

We reserve the right to make such disclosures, even for confidential data (unless we have expressly agreed with you that we will not disclose such data to certain third parties unless required by law). Notwithstanding the above, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe, even after its disclosure. For disclosure to other countries, the provisions of section 8 apply. If you do not wish certain data to be disclosed, please let us know (section 2) so that we can examine whether and to what extent we can respond to your request.

In addition, we allow certain third parties to collect your personal data on our website and at events we organise (e.g. press photographers, tool providers on our website, etc.). Where we have no control over this data collection, the third parties concerned are independent controllers. If you have any questions or wish to exercise your data protection rights, we invite you to contact these third parties directly. For the website, see section 12.

8. Is your personal data shared abroad?

As explained in section 7, we share data with other parties. These are not all located in Switzerland. Your data may therefore be processed both in Switzerland and in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we require it to undertake to comply with the applicable data protection legislation unless it is already subject to a legally accepted set of rules to ensure data protection or we can invoke an exception, for example, in the case of legal proceedings abroad, in the case of an overriding public interest or where the performance of a contract requires data to be disclosed, or if you have consented to the transfer of the data or if the data has been made generally available directly by you and you have not objected to the processing.

We may also invoke an exception for data from a statutory register (for example, the trade register) to which we have legitimately had access.

Please note that data exchanged via the internet often passes through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

9. For how long do we process your data?

We process your data for as long as our processing purposes, statutory retention periods and our legitimate interests in terms of documentation and preservation of evidence require or if retention is a technical requirement. You can find more information on the respective retention and processing periods for the different categories of data in section 3, and for cookies in section 12. In the absence of statutory or contractual obligations to the contrary, we will erase or anonymise your data once the retention period has expired or processing has ceased as part of our normal processes, unless the data is retained for archiving purposes.

10. How do we protect your data?

We take appropriate measures to ensure the necessary security of your personal data and to guarantee its confidentiality, integrity and availability, to protect it from unauthorised or unlawful processing, and to minimise the risk of loss, accidental alteration, or unauthorised disclosure or access.

11. What are your rights?

The applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profiling for direct marketing purposes and on the grounds of other legitimate interests in the processing.

To help you control the processing of your personal data, you have the following rights with respect to our processing of your data, in accordance with applicable data protection legislation:

- The right to ask us for information about whether we are processing data about you and, if so, which data;

- The right to request that we rectify the data if it is inaccurate;

- The right to request the erasure of the data;

- The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;

- The right to withdraw your consent, where our processing is based on your consent;

- The right to receive, on request, other information useful for the exercise of these rights;

If you wish to exercise the aforementioned rights in respect of us, you can contact us in writing at our address or, unless otherwise indicated or agreed, by email; you will find our contact details in section 2. In order to prevent abuse, we must identify you (for example by means of a copy of your identity card, if identification is not possible otherwise).

You also have these rights in respect of other parties that cooperate with us as independent controllers and you may contact them directly if you wish to exercise your rights in relation to their processing of your data.

Please note that conditions, exceptions and restrictions may apply in connection with the exercise of these rights in accordance with applicable data protection legislation (e.g. to protect third parties or trade secrets). If so, we will inform you.

If you do not agree with how we respond to the exercise of your rights or with our data protection practices, you can let us know (section 2). If you are located in the European Economic Area (EEA), UK or Switzerland, you also have the right to lodge a complaint with the relevant data protection supervisory authority in your country. A list of authorities in the EEA can be found here: edpb.europa.eu/about-edpb/board/members_en. You can contact the UK supervisory authority at: ico.org.uk/global/contact-us/. You can contact the Swiss supervisory authority at: www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

12. Do we use online tracking and online advertising techniques?

We do not use online tracking or online advertising techniques.

However, even in the absence of registration data, the technologies we use are designed to ensure that you are recognised as an individual visitor each time you access the website, for example by our server (or a third-party server), which assigns a specific identification number to you or your browser (known as a "cookie").

You can configure your browser to block or 'trick' certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser to block some third-party tracking. You can find more information in the help pages of your browser (usually with the keyword "data protection") or on the websites of the third parties listed below.

We distinguish the following categories of cookie (including technologies that work in the same way, such as fingerprints):

- Marketing cookies: We and our partners have an interest in targeting advertising as accurately as possible, that is, showing it only to the people we want to communicate with. We have listed our advertising partners below. If you consent, we and our advertising partners use cookies that can record the content viewed for this purpose. This allows us and our advertising partners to show links to our site in response to a search engine query that we believe may be of interest to you, on other websites that display links from us or our advertising partners. These cookies have an expiry period ranging from a few days to 12 months, depending on the circumstances. If you consent to the use of these cookies, you will be shown the corresponding links on the advertising partner's website.

We use our own tools, as well as third-party services (which may in turn use cookies) on our websites, particularly to improve their functionality or content (for example, embedding videos or maps), to compile statistics.

In particular, we currently use offers from the following service providers and advertising partners on our website and other digital services. Contact details and further information on the individual processing of data by these service providers can be found in their respective privacy statements:

These third-party providers may be our processors (e.g. Google Analytics) or (independent) controllers, depending on data protection law. Further information on this can be found in the privacy statements of the respective service providers.

As some of the third-party providers may be located outside Switzerland, information on cross-border data transfers is available in section 8.

13. What data do we process on our social media pages?

We may use pages and other forms of online presence (“fan pages”, “channels”, “profiles”, etc.) on social media and other platforms operated by third parties and collect the data described in section 3and below. We receive this data from you and from the platforms when you interact with us through our online presence (for example, when you communicate with us, comment on our content or visit our online platforms). These platforms also analyse your use of our online presence and combine this data with other data they have about you (e.g. behavioural and preference data). They also process this data for their own purposes, in particular for marketing and market research purposes (e.g. to personalise advertising) and to manage their platforms (e.g. what content they show you) and act as independent controllers for this purpose.

We process this data for the purposes set out in section 4, in particular for communication, for marketing purposes (including advertising on these platforms, see section 12) and for market research, or if you apply for a job with us. Information on the applicable legal basis can be found in section 5. We may disseminate content posted by you (e.g. comments on an advertisement), for example as part of our advertising on the platform or elsewhere. We or the platform operators may also remove or restrict content from or about you in accordance with their terms of use (e.g. inappropriate comments).

For more information on the processing of platform operators, you can consult the relevant privacy statements. You will also find information about the countries in which they process your data, your rights to access and erase data and other rights of data subjects, as well as how you can exercise these rights or obtain further information. We currently use the following platforms:

We have the right, but not the obligation, to check the content before or after its publication on our online platforms, to delete it without notice and, where appropriate, to report it to the provider of the relevant platform.

14. Can we update this Privacy Statement?

This Privacy Statement is not part of a contract with you. We may change this Privacy Statement at any time. The version published on this website is the current version.

Last updated: June 6th 2025

 

Direct representation before the following organizations