You are here:

Data protection statement of association

Version 3 dated 01.07.2024

In this data protection statement, we, the association (hereinafter, we or us), describe how we collect and otherwise process personal data on and in connection with the platform. The description provided is non-exhaustive; specific matters are possibly governed by other data protection statements or general terms and conditions of business and similar documents (c.f. in particular the data protection statement of the website). The term “personal data” refers to all details pertaining to an identified or identifiable person.

If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please ensure that these persons are made aware of the present data protection statement and that you share their personal data with us only when you have permission to do so and when such personal data is correct.

This data protection statement is drafted in line with the requirements of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP). Whether and to what extent these laws are applicable, however, depends on the specific case.

This data protection statement does not pertain to the publications of procurement offices announcing invitations to tender on The procurement offices are responsible for the legal correctness of their publications and, in particular, for their conformity with data protection legislation. The association cannot be held liable for violations of data protection acts and regulations occuring in publications released by procurement offices.

1. Person or body responsible/data protection officer association, c/o SECO/DPPU, Holzikofenweg 36, 3003 Bern, is responsible for the data processing we undertake, to the extent that no other body has been specified in individual cases. If you have data protection concerns, you can communicate them to us at the following contact address: association, c/o SECO/DPPU, Holzikofenweg 36, 3003 Bern, This is also the address of our data protection officer as defined in Article 37 of the GDPR.

2. Collection and processing of personal data

We primarily process personal data in relation to our services that we receive from contracting authorities, tenderers, online subscribers and other involved persons or that we collect in the operation of our website ( and other applications.
For the use certain services, registration on the website and thus the provision of personal data is required. This applies in particular to the following services:
  • creation, administration and publication of invitations to tender, competitions, study contracts, etc.;
  • registration for published invitations to tender;
  • use of the question-and-answer forum;
  • subscription of invitations to tender;
We may collect the following categories of personal data:
Upon the registration as a user:
  • given name and family name;
  • telephone number;
  • email address;
  • language.
From invitations to tender and other publications:
  • contact person (job title, given and family names);
  • business address;
  • business email address;
  • business website;
  • business telephone number.
When communicating awards:
  • name, address of tenderer who received the award (company, or natural person where applicable)
  • contact person of the contracting authority (job title, given and family names)
  • business address of the contracting authority;
When the question-and-answer forum is used:
  • name of the tenderer posting the question;
  • given and family names.

3. Purpose of data processing and legal foundations

We primarily use the data we collect to offer services to the users of the website (in particular regarding the publication and researching of invitations to tender within public procurement processes), to provide a related question and answer forum, to forward certain invitations to tender to the platform, as well as to fulfil our legal obligations in Switzerland and abroad. If you work for a user of, in particular for a tenderer or a contracting authority, you can, in this function, be equally affected with regards to your personal data.
Furthermore, when permitted and deemed reasonable by us, we process your personal data and that of other persons also for the following purposes in which we (and sometimes third parties) have a rightful interest:
  • to monitor and optimise processes for needs analysis in order to address users directly;
  • to exercise legal rights and defence in relation to legal disputes and official proceedings;
  • to prevent and investigate offences and other misconduct (e.g. to carry out internal investigations, data analyses for combating fraud).
If you have given us consent to process your personal data for certain purposes (e.g. when registering for an online subscription), we process your personal data based on and within the framework of that consent, to the extent that we have no other legal basis therefore and require one. Consent, once given, may be revoked at any time, although this has no bearing on any data processing that has already taken place.

4. Server log files

The provider of the web pages collects and automatically saves information in server log files that your browser automatically transfers to us. This information comprises the following:
  • date and time of the request;
  • name of the requested file;
  • page from which the file was requested;
  • access status (file transferred, file not found, etc.);
  • web browser and operating system used;
  • full IP address of the requesting device;
  • amount of data transferred.
These data are also collected when no registration is made on our website.

These data are not consolidated with other data sources. Such processing is based on our rightful interest in improving the stability and functionality of our website.

For reasons of technical security, in particular for preventing attempts to attack our web server, these data are saved for a short period. It is not possible for us to identify individual persons on the basis of this data. After a maximum of seven days, the data are anonymised by truncating the IP address to the domain level, rendering it impossible to establish a connection to an individual user. The data are then processed in anonymised form for statistical purposes; no comparison with other databases or transfer to third parties takes place.

5. Cookies/tracking applied on our website

On our websites, we generally use cookies and similar technologies that can identify your browser or device. A cookie is a small data file that is sent to your computer and automatically saved by the web browser on your computer or mobile device when you visit our website. This enables us to recognise you when you revisit the website, even though we do not know who you are. In addition to cookies that are used only during a session and deleted after your visit to our site (session cookies), cookies can also be used to save user settings and other information for a certain period, for example, two years (permanent cookies). You may, however, change your settings to reject cookies, to save them only for one session, or to delete them early. The default setting of most browsers is to accept cookies. We use permanent cookies to enable you to save your user settings (e.g. language, automatic log in) and to enable us to better understand how you use our offerings and content. Certain cookies are set by us and certain others by the contracting partners with whom we work. If you block cookies, it is possible that certain functions (such as automatic language selection or log in) will no longer work.

In our subscription emails and some other email types, we sometimes also integrate, where permitted, visible and non-visible image elements, which, when downloaded from our server enables us to determine whether and when you opened our email. This allows us to measure and better understand how you use our offerings and how we can tailor them to you. You can can block this in your e-mail programme, and it is the default setting of most programmes to do so.

By using our websites and agreeing to receive subscription emails and any other emails, you consent to the use of these technologies. If you object to this, you must adjust the settings in your browser or email programme accordingly.

6. Passing on of data and transfer of data abroad

Within the framework of our business activities and our business purpose as described in clause 3, we pass on your personal data, when permitted and we deem it reasonable, to third parties for them to process the data for us or for their own purposes. This relates in particular to the following third parties:
  • our service providers (simap in-house and external providers, including order processors such as IT providers);
  • suppliers, subcontractors, and other business partners;
  • national and international authorities, official bodies, or courts;
  • other parties involved in potential or actual legal proceedings.
Together, these comprise the receivers.

If a receiver is located in a country without sufficient data protection legislation, we contractually oblige the receiver to comply with the applicable data protection (for this, we use the revised standard contractual clauses of the European Commission, which are available here: if the receiver is not already subject to another legally recognised set of regulations to guarantee data protection and we have no applicable exemption clause. An exemption may apply, for instance, for legal proceedings abroad, but also in cases of overriding public interest, or when the closure of a contract requires such provision of information, when you have given consent, or when the matter pertains to data made generally accessible by you and you have not objected to its processing.

7. Storage duration of personal data

We process and save your personal data when this is necessary to fulfil the purpose for which it was collected and, moreover, in accordance with the legal duties of safekeeping and documentation. In this context, it is possible that personal data are stored for the period in which claims can be raised against us, and when we are otherwise legally obliged to do so, or when required by legitimate business interests (e.g. for purposes of proof and documentation). As soon as your personal data are no longer required for the above-named purposes, they are, as a rule, and to the extent possible, deleted or anonymised. For operational data (e.g. system protocols, logs), as a rule, shorter storage periods of twelve months or less apply.

8. Data security

To protect your personal data from unauthorised access and misuse, we implement appropriate technical and organisational security measures such as training, IT and network security solutions, access controls and limits, encryption of data carriers and transfers, pseudonymisation, and controls.

This website uses SSL/TLS encryption for security reasons and to protect transferred confidential content, such as the requests you send to us as the website operator. You can recognise an encrypted connection by the change in address from “http://” to “https://” and by the padlock symbol in the browser line.

When the SSL or TLS encryption is activated, data that you transfer to us cannot be read by third persons.

9. Obligation to provide personal data

When using our website, you must provide the necessary personal data to create and use your user profile and to avail yourself of the services you request from us (generally, you have no statutory obligation to provide us with data). Without these data, we are generally not in a position to offer you (or the office or person you represent) full access to our website or our services. If certain details to enable data transmission (such as IP address) are not disclosed, you might be completely unable to use the website.

10. Rights of the affected person

Within the framework of the data protection legislation applicable to you, and if these so provide (as is the case in the GDPR), you have the right to information, notification, and deletion, as well as the right to limit data processing or to object to our data processing and to the provision of certain personal data for the purpose of transferring it to another party (data portability). Please note, however, that we reserve the right to apply the relevant legal restrictions, for example, when we are obliged to store or process certain data, when we have an overriding interest (where we may claim the right), or when it is necessary to assert claims. Should costs arise for you, we will inform you in advance. We have already informed you of the possibility to revoke your consent in clause 3. Please note that exercising these rights might constitute a breach of contractual agreements that could result in early termination of contract or involve costs. In this event and where not already contractually defined, we will inform you in advance.
As a rule, exercising such rights requires you to clearly prove your identity (e.g. by providing a copy of ID when your identity is not otherwise clear or can be verified). To assert your rights, you may contact us at the address provided in clause 1.
Moreover, each affected person has the right to legally pursue their claims or to submit a complaint to the competent data protection authority. The competent Swiss data protection authority is the Swiss Federal Data Protection and Information Commissioner (

11. Changes

We may change this data protection statement at any time without prior notice. The current version published at any one time on our website applies. If the data protection statement forms part of an agreement with you, we will inform you of any changes via email or another suitable method of communication.