Data Protection Policy

Protecting your privacy is an important matter for us. In this privacy policy, we describe how we process your personal data, e.g. when you submit a funding application to Innosuisse or when you contact us in this regard or when you visit our website www.innosuisse.ch as well as when you apply to Innosuisse. This policy makes our data processing transparent and tells you what rights you have in the process.

In this privacy policy we explain how we, Innosuisse, collect and otherwise process personal data. This is not an exhaustive description; other privacy policy, general terms and conditions, conditions of participation and similar documents may govern specific matters.

If you use our websitewww.innosuisse.ch), the legal provisions for use of the websites of the Swiss Federal Administration also apply, which are available via the following link: https://www.admin.ch/gov/en/start/terms-and-conditions.html. This privacy policy clarifies the statements made there on data protection and takes precedence in the event of any contradictions.

Innosuisse - Swiss Innovation Agency is responsible for the data processing described here.

Queries relating to data protection or this policy can be directed at any time, electronically or by post, to:

Innosuisse – Swiss Innovation Agency
Data Protection Advisor, Legal and Strategy Team
Einsteinstrasse 2
3003 Bern

E-mail: legal@innosuisse.ch

We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (FADP₁) and the Data Protection Ordinance (DPO²).

¹ Federal Act on Data Protection of 25 September 2020 (FADP, SR 235.1).
² Ordinance of 31 August 2022 on Data Protection (DPO, SR 235.11).

In certain cases, data protection provisions of other legal sources or international data protection laws such as the European General Data Protection Regulation³ may be applicable.

We process data of legal persons on the basis of Art. 57h ^bis GAOA⁴ .

³ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
⁴ Federal Act on the Organisation of the Government and the Administration (GAOA, SR 172.010).

We primarily process the personal data that we receive from applicants and customers and from other business partners as well as other persons involved in the course of our funding activities and other legally stipulated tasks of Innosuisse, or that we collect from their users when operating our websites and applications.

Where permitted, we also take certain data from publicly accessible sources (e.g. commercial register, the press and the internet) or receive such data from other authorities or third parties (such as coaches and mentors of Innosuisse). 

In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular:

• Information from public registers and information that we learn in connection with official and judicial proceedings,
• Information related to their professional or academic functions and activities (so that we can, for example, formally verify information provided on this in applications as part of the evaluation),
• Information about you in correspondence and meetings with third parties, and credit reports (where we deal with you personally),
• Information about you given to us by people close to you (business partners, family, advisors, legal representatives, etc.) so that we can conclude or process contracts with you or involving you (e.g. references and powers of attorney),
• Information on compliance with legal requirements such as anti-money laundering and export restrictions,
• Information from the media and the internet about you (if this is appropriate in the specific case, e.g. to check application details or in the context of an application),
• Data related to the use of the website (e.g. IP address, MAC address of the smartphone or computer, details relating to your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, and location details).

We use the data we collect primarily within the scope of our legally stipulated funding mandate (Art. 18 et seqq. RIPA⁵), in particular

• for the formal review of submitted funding applications;
• as part of the evaluation of funding applications;
• in the event of a positive funding decision, to conclude and process funding contracts and administer the corresponding administrative procedure;
• in the event of a negative funding decision to conclude the administrative procedure (usually by means of an order);
• to review the use of subsidies and in the context of final accounts;
• to review the effectiveness of Innosuisse funding instruments (impact analysis);
• for correspondence in the context of application and funding procedures;
• for coordination with other Innosuisse funding instruments;
• for the purpose of informing the public about the promotional activities of the Federal Administration.

In addition, we process personal data from you and other persons as necessary and within the scope of our legal duties (esp. Art. 3 SIAA⁶) for the following purposes:

• Concluding (private law) contracts e.g. with external suppliers and correspondence in this context.
• Conducting legal proceedings in accordance with the relevant procedural law (in particular appeal proceedings under the APA⁷) or for asserting legal claims (such as claims for restitution under Art. 40 SuA⁸).
• If you apply to us as an employee in the context of application procedures and the processing of employment contracts (in accordance with BPG⁹ and Art. 4 Personnel Ordinance Innosuisse¹⁰)
• Within the scope of election procedures (according to Art. 6, 9 and 10 para. 2 SIAA), accreditation procedures for coaches or mentors (according to Art. 21 para. 3 and Art. 21 para. 2 RIPA) and for handling the cooperation with elected or accredited persons;
• Within the scope of electronic document management (in accordance with Article 57h GAOA) and to ensure and check the proper operation of the electronic infrastructure.

We reserve the right to make further amendments in accordance with the relevant legal basis.

If you have given us your consent to process your personal data for certain purposes (for example, when you register to receive newsletters or carry out a background check), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

⁵ Federal Act on the Promotion of Research and Innovation (RIPA, SR 420.1).
⁶ Innosuisse Act (SIAA, SR 420.2).-
⁷ Administrative Procedure Act (APA, SR 172.021).
⁸ Federal Act on Financial Assistance and Subsidies (SubA, SR 616.1);
⁹ Federal Personnel Act (FPA, SR 172.220.1).
¹⁰ Innosuisse Personnel Ordinance.

We also disclose personal data to third parties within the scope of our funding activities and the purposes set out in section 3, insofar as we have a legal basis or a justification (e.g. consent) for doing so and it appears appropriate to us, either because they process it for us or because they want to use it for their own purposes. This involves the following posts in particular:

• Research institutions (e.g. grant offices of universities), organisations (e.g. implementation partners) and natural persons (e.g. researchers) involved in the respective funding measure;

• Partners and organisations that cooperate with us on certain funding opportunities (such as BRIDGE, internationalisation camps, trade fairs and start-up training);

• Coaches and mentors who support and work with you as part of an Innosuisse funding;

• Federal bodies, namely for archiving purposes, within the framework of legal proceedings or for coordination purposes;

• Our service providers and contract processors such as cloud providers and developers of our Innolink platform or service providers who, for example, carry out statistical evaluations for us or make in-depth clarifications as part of the review and evaluation of applications;

• Third parties who have applied for access to official files on the basis of the  Federal Act on Freedom of Information in the Administration¹⁷, provided that we have granted them full access in our opinion; in principle, however, official documents are blacked out (i.e. anonymised and no personal data is disclosed) prior to inspection on the basis of Art. 9 para. 2 FoIA;

• Applicants who have applied to inspect the documents relating to the application procedure concerning them on the basis of the right to inspect files under the Administrative Procedure Act (APA) and who have no grounds under Art. 27 APA for not doing so;

• The public in the context of the publication of funded applications on the federal research database www.aramis.admin.ch in accordance with the ARAMIS Ordinance¹⁸ or in the publication of awards on www.simap.ch in the context of public procurement procedures in accordance with PPA¹⁹.

These recipients are predominantly in Switzerland and we attach great importance to the fact that the storage locations used are in Switzerland. However, this is not possible in all cases. In particular, you must expect your data to be transferred to all countries worldwide in which Innosuisse offers or supports funding opportunities, as well as to other countries in which the service providers we use are located. The storage locations of the cloud solutions used are generally in Switzerland or the EU.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law insofar as it is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it concerns data that you have made generally accessible and you have not objected to its processing.

¹⁷ Federal Act on Freedom of Information in the Administration (FoIA, SR 152.3).
¹⁸ Ordinance on the ARAMIS information system on federal research and innovation projects (ARAMIS Ordinance, SR 420.171)
¹⁹ Public Procurement Act (PPA), SR 172.056.1.

We erase or anonymise the personal data we have collected from you as soon as it is no longer needed to fulfil the purpose for which it was originally collected, and beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for a period during which claims can be asserted against Innosuisse and to the extent that we are otherwise legally obliged to do so insofar as no other storage and documentation obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, it will be erased or made anonymous as far as possible. For operational data (e.g. system protocols and logs), shorter retention periods of twelve months apply.

We process personal data in job application procedures on the basis of Art. 4 of the Innosuisse Personnel Ordinance in accordance with the provisions of the Federal Personnel Act²⁰ and the implementing legislation specifying this (in particular the BPDV²¹).

If you apply for a job at Innosuisse via the Innosuisse job portal, we will ask you to provide certain information about yourself and you will be given the opportunity to upload further application documents such as your CV, letter of motivation, references, etc. This information and documents will be treated confidentially. We treat these details and documents confidentially. They are only available to the persons responsible for the relevant application procedure at Innosuisse in the recruitment process.

If you subsequently take up employment with Innosuisse, your application documents, or an extract thereof, will be added to your personnel file. The remaining personal data and documents will be deleted no later than three months after the job has been filled.

If you have applied for a position but received a negative decision, your data and documents will be deleted no later than three months after the position has been filled (there will be no notification of the deletion of the data). This does not apply to cases where we would like to keep your file for possible future application procedures and you have given us your consent to do so.

You can withdraw your application and have the data deleted at any time.

²⁰ FPA, SR 172.220.1.
²¹ Ordinance on the Protection of Personal Data of Federal Personnel (BPDV, SR 172.220.111.4).

From time to time, Innosuisse conducts expert and innovation council elections as well as accreditation procedures of coaches and mentors. They are advertised on the Innosuisse homepage. If you apply for an election or accreditation within the framework of these procedures, we process the personal data provided as well as the documents submitted based on the Innosuisse Act²² and the FIFG²³.

We treat the submitted documents confidentially. They are available exclusively to the persons responsible at Innosuisse for the relevant election or accreditation procedure in the selection process.

In the event of a successful election or if you are accredited, your application documents, or at most an extract thereof, will be stored for the purpose of carrying out the cooperation.

Otherwise, your data and documents will be deleted no later than three months after completion of the election or accreditation procedure (no notification of the deletion of the data will be made). This is without prejudice to cases in which we would like to retain your file for possible future election or accreditation procedures and you have given us your consent to do so.

You can withdraw your application and have the data deleted at any time.

²² Art. 9 para. 3-5 and art. 10 para. 2 SIAA.
²³ Art. 21 para. 1 RIPA.

We apply appropriate technical and organisational security measures in data processing and employ IT security and data protection specialists to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Innosuisse’s security measures correspond to the current state of the art.

For security reasons and to protect the transmission of confidential content such as funding applications, our website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock icon in your browser line. If the SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

We communicate with secure UCC solutions approved by Innosuisse²⁴ (e.g. Skype for Business, Webex and Microsoft Teams). We exchange documents and larger data sets with you via secure platforms (e.g. Innolink and Microsoft Sharepoint). We transmit confidential data or documents with sensitive content in encrypted form using IncaMail or the Federal Administration’s File Transfer Service.

²⁴ Unified Communications Collaboration (UCC) describes the integration of different forms and channels of communication with tools for collaboration.

As a data subject, you have certain rights with regard to the personal data we process about you:

From time to time, it may become necessary to make changes to the Data Protection Policy. The current version published on our website applies in each case.

Last updated: 01.09.2023