1. Introduction
Importance of data protection: Respect for privacy is taken very seriously by the offices in charge of the virtual counter. Personal data is handled with the utmost care and in accordance with the data protection laws in force.
2. Scope of application
Scope of the declaration: This data protection declaration applies exclusively to the virtual counter to the exclusion of any other platform.
3. Definition of personal data and processing
- Personal data: any information relating to an identified or identifiable person using the virtual counter.
- Data processing: actions such as the collection, storage, modification, use, communication and deletion of personal data via infrastructures of the virtual counter.
4. Data processing responsibilities
- Bodies in charge of the virtual counter: The State Chancellery and the IT and Telecommunications office (SITel) are the offices responsible for the platform of the virtual counter and the basic services on which the online administrative services rely to function normally.
- Authorities and partner bodies: Online administrative services are the responsibility of the authority providing the service.
- Third parties and subcontractors: Tasks delegated to third parties and/or subcontractors are the responsibility of the authority using the third party or subcontractor.
5. Purpose of data processing
Use of data: Personal data is processed with the aim of facilitating interactions with the virtual counter, providing the services requested by users and ensuring the operation and security of the virtual counter.
Statistics: In order to improve the quality of the services offered and to provide an optimal user experience, the virtual counter uses anonymised data for statistical analysis purposes. This data is used to better understand usage trends, optimise processes and respond more effectively to users' needs.
6. Types of data processed and access
- Data collection: The virtual counter processes various types of personal data such as contact information, data required to provide the service requested, transaction and payment history, personal identifiers, etc. The list of data processed can be found in Article 18 of the ordonnance sur le guichet virtuel (OGV, RSF 184.13).
- Data access : Access to the data processed in the virtual counter is segmented so that each body only has access to the data it needs to carry out its tasks.
7. Recipients of personal data
The personal data collected via the virtual counter can be accessed by the following people and organisations:
- Bodies responsible for the virtual counter: This may include IT staff, database managers and information systems security officers who ensure the smooth running and security of the virtual counter. The access of these persons to the data of the virtual counter is strictly limited to the accomplishment of the management tasks of the virtual counter.
- Body responsible for providing the requested services: Depending on the nature of the request (for example, ordering official documents, registering for a public service, etc.), the data is shared with the office responsible for processing the request.
- Subcontractors: The provision of certain services may require the assistance of one or more subcontractors to perform defined tasks. The list of subcontractors and the data entrusted to them is given in § 9 of this declaration.
8. Consent to the processing of data for the provision of services
In principle, the provision of an administrative service online is subject to the user's consent to the collection of the data required to process the request.
- Implicit consent: For services which do not require the processing of sensitive personal data and which do not present any other particular risks, the web page on which the required service is found will indicate to the user what data is required for the service to be provided. The user is deemed to consent to the processing of this data if, on the basis of the information she or he has received, she or he proceeds with the procedure.
- Explicit consent: For the processing of sensitive data and other forms of processing that present a higher risk, a consent window will appear on the user's screen. The consent window indicates what data is processed and/or what risks are associated with the processing. To continue with their request, users must click on a button to expressly accept the processing of their data.
- Revocation of consent: Users may revoke their consent to the processing of their personal data given when using the virtual counter at any time. The effects of revocation are limited to the processing of personal data that cannot legally be processed without the user's consent. Furthermore, it is no longer possible to revoke consent given for one or more cases of data processing that have already been carried out in full.
- Consequences of a refusal to consent: Refusal to provide certain data may restrict access to certain services. In this case, the user can obtain the service requested by choosing another delivery channel.
However, no consent is required where data processing is provided for by law.
9. Outsourced data processing
Third-party service providers: In principle, data from the virtual counter is processed on the State's own infrastructure. However, certain data relating to certain services offered by third parties on the virtual counter may be processed and hosted by them.
List of third-party service providers:
- eOperations Suisse SA: This service provider offers the eMoving service, which enables people living in Switzerland to register their move online.
- Datatrans AG: This service provider provides the service on which the basic service ePay is based, enabling online payment of the fee required to provide a service.
Applicable data protection declaration: Data processing outsourced to third-party service providers is governed by the general terms and conditions laid down by these service providers, which can be consulted directly on their website.
10. Retention of data
Duration of retention: The various data retention periods can be found in Article 19 of the ordonnance sur le guichet virtuel (OGV, RSF 184.13).
11. External links
Liability waiver: Links to third party sites are outside the control and responsibility of the State offices.
12. Cookies and similar technologies
Use of cookies: The virtual counter only uses essential cookies to guarantee the security and optimal operation of the virtual counter. These cookies are essential for browsing on the site of the virtual counter and using the functions offered. In addition to these essential cookies, we use a specific cookie to remember the user's language of use. No tracking, advertising or analytical cookies are used on the virtual counter.
13. Users' rights
Rights at disposal: Users have the right to access their data, request its correction or deletion and revoke their consent to data processing. They can do this either by using a dedicated function on the virtual counter or by contacting the offices in charge of the virtual counter directly.
14. Data security
Protective measures: The virtual counter applies technical and organisational measures to protect personal data against unauthorised access and loss.
15. Changes to the data protection declaration
- Updates: This data protection declaration may be updated at any time. These modifications may be necessary to comply with legislative changes, to reflect new features of the virtual counter or for other reasons.
- Information: Users of the virtual counter are informed of any changes made by sending an e-mail to the e-mail address associated with their virtual counter account.
- Version in force: In the event of any dispute concerning this data declaration, the version in force at the time when the facts in dispute arose shall prevail.
16. Contact
Contact address: Any questions regarding this data protection declaration should be addressed to:
Secrétariat de cyberadministration
c/o Chancellerie d’Etat
Route des Arsenaux 41, 1700 Fribourg,