Personal Data Privacy Policy

1. Introduction

The purpose of this privacy policy is to inform you about how APCO Technologies collects, uses and protects your personal data.

We are committed to complying with applicable data protection legislation, including the European Union's General Data Protection Regulation (EU GDPR), the UK GDPR via the Data Protection Act 2018 in the United Kingdom, as well as the Swiss Federal Data Protection Act (nLPD), in order to ensure the security and confidentiality of your information.

This policy applies to all personal data that we collect, whether provided directly by you or collected as part of your use of our services.

2. Data controller

APCO Technologies SA Chemin de Champex 10, 1860 Aigle, Switzerland, is responsible for processing personal data.

3. Personal data collected and purposes of processing

As part of our activities, we undertake to collect only personal data that is strictly necessary for the purposes pursued, in accordance with the principles of data minimization and purpose limitation.

The categories of data processed, and the associated purposes are as follows:

Providing and improving our services

We collect identification data: last name, first name, date of birth, phone numbers, and email address, in order to ensure management, quality, continuity, and improvement of our services.

Compliance with our legal and contractual obligations

In order to meet our regulatory and contractual obligations, we collect identification and financial data, in particular: surname, first name, date of birth, telephone numbers, e-mail address, salaries, proof of professional expenses and bank details.

Optimizing the user experience

In order to improve your experience of our website and digital services, we collect technical data such as: IP address, browsing information (sessions, pages visited), cookies and other tracers. Some of this information may constitute personal data and is therefore processed in accordance with our Cookies Policy.

Communication and commercial prospecting

Subject to your prior consent, we collect identification and professional data such as surname, first name, e-mail address, job title and company, in order to communicate with you and propose our offers.

Application management

As part of the processing of applications submitted via our application tracking system (ATS), we collect identification and professional data, in particular: surname, first name, date of birth, nationality(ies), address, telephone numbers, e-mail address, curriculum vitae, diplomas, police record and professional interests.

Human Resources administration

To manage human resources and support our employees (management of employment contracts, salary payments, organization of training courses, performance appraisals, etc.), we process identification, professional and financial data such as: surname, first name, date of birth, marital status, AVS/Social Security number, address, telephone numbers, e-mail address, diplomas and certificates, appraisals and work certificates, as well as bank details.

Access to our premises

When you visit one of our sites, we collect identification data, including your surname, first name, e-mail address and nationality(ies) to ensure the security of our premises. You will also be asked for your signature when you register. Signatures are not reusable for any other document.

Testing and maintenance of our IT systems

In order to ensure the security, stability, and proper functioning of our IT systems, we may use personal data in test or development environments. This processing is based on our legitimate interest in ensuring the reliability and performance of our systems.

Where possible, this processing is carried out using fictitious data. When the use of real data is necessary for technical reasons, we ensure that the data used is strictly limited to the minimum necessary and that access is restricted to authorized people only.

Automated decisions and profiling

In certain cases, particularly in the context of the recruitment process or the optimization of our internal processes, we may use automated tools to analyze the data provided.

This processing may include profiling operations aimed at evaluating certain professional aspects (e.g., suitability of a profile for a position).

4. Personal data collected and purposes of processing

We process your personal data only when we are authorized to do so by law. The processing of your personal data is based on the following legal grounds:

  • Your consent: in particular for marketing purposes or when required by law.

  • Performance of a contract: when processing is necessary for the provision of our services or the performance of a contract to which you are a party.

  • Compliance with legal obligations: in order to comply with our legal and regulatory obligations.

  • Our legitimate interest in ensuring the proper technical functioning of our IT systems, recruiting qualified personnel, and guaranteeing the security of the site.

5. Data sharing

Your personal data may be shared with trusted third-party partners and service providers only when necessary to achieve the purposes described in this policy, and in strict compliance with applicable laws.

These third parties act either as processors or as independent controllers, depending on the circumstances. When acting as processors, they are contractually bound to comply with appropriate security and confidentiality obligations.

The transfer of personal data may occur, for example, in the following situations:

  • The processing of salaries by an accounting firm,
  • The management of visa applications and administrative procedures by a law firm,
  • The compilation and transmission of applications for access to regulated sites.

6. Data retention period

Your personal data is kept for the time strictly necessary to achieve the purposes for which it was collected, in accordance with applicable legal and regulatory requirements. For example:

  • Data relating to personnel management is kept for the duration of the employment contract is active, then archived for 10 years from the end of the contractual relationship.

  • Data required for accounting purposes is kept for 10 years, in compliance with legal requirements.

  • Data used for commercial prospecting purposes is kept for 3 years from the last contact with the person concerned.

  • Data collected during the application process is kept for 2 years. At the end of this period, we will ask for your consent to keep it in our candidate database. If we do not receive a response, the data will be deleted in accordance with the principle of “privacy by default.”

  • Data collected when visitors are received on our premises is kept for maximum 1 year from the date of the visit.

At the end of retention periods, any data no longer required will be securely deleted, anonymized, or pseudonymized as appropriate, unless longer storage is necessary to comply with a legal obligation or in the event of a dispute.

You may request the deletion or rectification of your data at any time, within the limits of the law.

7. Data protection rights

In accordance with the nLPD, the EU GDPR and the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: you have the right to obtain confirmation that personal data concerning you is being processed and, where applicable, to receive a copy of it along with information about the processing methods.
  • Right of rectification: you can request the correction of inaccurate or incomplete data relating to you.
  • Right to erasure: you may request the deletion of your personal data under certain conditions, in particular when it is no longer required for the purposes for which it was collected.
  • Right to restrict processing: you may request that the use of your data be restricted in certain cases provided for by the regulations.
  • Right to object: you may object to processing based on our legitimate interest, in particular for direct marketing purposes. When decisions relating to you are made solely on the basis of profiling or automated processing that produces legal or significant effects, you may request human intervention.
  • Right to withdraw consent: when the processing of your personal data is based on your consent, you may withdraw it at any time, without this affecting the lawfulness of the processing carried out prior to such withdrawal;
  • Right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data violates applicable data protection laws, you may lodge a complaint with a supervisory authority responsible for your place of residence, place of work, or the place where the alleged violation occurred.Right to data portability: when processing is based on your consent or on a contract and is carried out using automated processes, you may request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or request that it be transmitted directly to another data controller where technically feasible.

 

8. Exercising your rights

To exercise any of these rights, simply contact us at:

  • By mail: APCO Technologies SA, Chemin de Champex 10, 1860 Aigle (Switzerland)

  • By email: privacy@apco-technologies.eu

We will respond to your request within a reasonable time (usually within 1 month), in accordance with legal requirements. We may ask you for additional information to verify your identity before processing your request.

9. Data security

We implement appropriate technical and organizational security measures, such as data encryption, access management, and monitoring of our systems, to protect your personal data against unauthorized access, use or disclosure, as well as accidental loss, alteration or destruction.

10. International data transfers

In cases where your personal data is transferred outside the European Economic Area (EEA), Switzerland or the United Kingdom, we ensure that such transfers benefit from appropriate safeguards, in order to maintain a level of protection equivalent to that required by applicable data protection regulations.

These guarantees may include the use of standard contractual clauses approved by the European Commission or the Information Commissioner’s Office (ICO) for United Kingdom, or any other mechanism recognized as adequate by the competent authorities.

11. Data Protection Impact Analysis (DPIA)

To date, APCO Technologies has not implemented any processing of personal data that presents a high risk to the rights and freedoms of data subjects. Consequently, no Data Protection Impact Analysis (DPIA) is currently required.

However, we remain attentive to the evolution of our activities and regularly reassess our practices to ensure their compliance with the EU GDPR, the UK GDPR and the nLPD. If new processing operations were to be implemented, we would carry out a risk analysis to determine the need for a DPIA.

Where appropriate, we undertake to:

  • Carry out a thorough assessment of the risks to the privacy of data subjects.

  • Implement appropriate security measures to limit these risks.

  • Consult the relevant data protection authority in the event of high residual risks.

Finally, we apply the principles of “privacy by design” (data protection by design) and “privacy by default” (data protection by default), in line with the requirements of the GDPR.

12. Changes to the Privacy Policy

We reserve the right to modify this privacy policy at any time. Changes will be posted on our website with the last update date. We encourage you to check this page regularly for any changes.

13. Contact

If you have any questions about this privacy policy or wish to exercise your rights, you can contact our data protection representative at:

APCO Technologies SA

Chemin de Champex 10

1860 Aigle (Suisse)

privacy@apco-technologies.eu

This Privacy Policy was last updated on March 12, 2026.

Copyright © 2023 APCO Technologies. Chemin de Champex 10, CH-1860 Aigle - Switzerland - Photography credit ESA and EDF. Data Privacy Policy