Data Security

Who we are

Key Relocation Sàrl is a relocation company, registered since 2nd April 2009, providing destination services (home search, school search, immigration, settling-in etc.) to multi-national companies and individuals. Key Relocation Sàrl is registered at Chemin de Mussel 11, 1124 Gollion. CHE-114.804.471.

Purpose, scope and validity

Being discreet and ensuring our customer’s confidentiality is maintained are essential components of our professional ethics. The purpose of this policy is to ensure that all Key Relocation staff, external partners and subcontractors are clear about the purpose and principles of Data Protection and to ensure guidelines and procedures in place are consistently followed.

This Data Protection Policy is applicable to all employees of Key Relocation as well as any third party company or person performing work for or on behalf of Key Relocation (hereafter referred to as “Employees” and “Subcontractors”).

Implicit consent

Any customer ordering services from Key Relocation will be notified of this data security policy and consent with its conditions is implicitly given. Should customers not agree, partially or entirely, with the content of the policy, Key Relocation needs to be notified in writing before service delivery has started. Key Relocation reserves the right to cancel services in this case if personal data is required to fulfill its contractual obligations.

Any Employee or Subcontractor accepting work from Key Relocation will also be notified of this Data Security Policy and implicitly agrees with the Policy and guarantees its application.

How do we collect information.

We receive information from our customer’s HR department, from our customer directly or from other companies appointed to assist with the Relocation Process.

Definition of personal and confidential information

Personal information is defined as information that is not publicly available and cannot be acquired without any reservations.  The typical personal information we collect on individuals would usually include (but is not limited to):

  • Name
  • Address
  • E-mail address
  • Contact details
  • Date of birth
  • Gender
  • Medical Insurance and Personal Insurance
  • Identification numbers (such as passport, social security number or similar)
  • Employment contracts
  • Property and vehicle lease contracts
  • Income related information
  • Education
  • Details relating to family members

Information collected about Employees of Key Relocation or its Subcontractors is also considered as personal information and the same regulations apply. Personal and confidential information or data may be collected through online forms, move surveys, phone calls, emails, social networks, or any form of communication that includes the collection of information with the explicit or deduced consent of the client.

Quality of data, access to data, modification and disposal

Key Relocation, Employees and Partners will store personal data for as long as needed to fulfill the stated purposes or as long as required by laws and regulations. For Switzerland, the current duration of storage of personal data is 10 years. Past this date, Key Relocation and partners will appropriately dispose of such information.

Customers may request at any time to obtain access to personal data that Key Relocation, Employees or Partners hold on them and to verify its accuracy and request to update or modify it. This request must be addressed to dataprotection@key-relocation.ch. It is not possible to request disposal of personal information once service delivery has started and for as long as legal obligations to retain data apply.

Should the requested information be incorrect, the applicant must notify Key Relocation within five working days and request the correction of the error.

Confidentiality, Secrecy Requirement, Professional Secrecy

Personal data and other confidential information is collected relating to the provision of relocation services. Personal information received from customers both private and corporate will be used solely for the purpose of delivering our approved services. Key Relocation is permitted to use personal data in order to carry out the relocation function, the information is never sold or rented to third parties. The use of confidential information for marketing purposes is not permitted. In order to carry out the Relocation function information may be shared with the following:

  • Real Estate Agencies/Landlords: Key Relocation will transfer personal information to apply for rental/purchase properties in the relocation process. Key Relocation is not responsible for the use of the data by the real estate agencies/landlord.
  • Third Party Service Providers: We may pass information to our third party service providers for the purposes of completing tasks and providing services on our customers behalf. However, when we use third party service providers, we disclose only the personal information that are necessary to deliver the service and we have a contract in place that requires them to keep information secure and not to use it for their own direct marketing purposes.
  • Third Party Service Providers we work in association with: We work closely with various third party service providers to assist our customers in the relocation process (insurance broker, banking services, estate agents, private/local schools, cleaning and handyman services, utility companies). When we use third party service providers, we disclose only the personal information relevant to deliver the requested service.

Employees and Subcontractors are not allowed to disclose confidential or personal information to third parties or otherwise exploit confidential information. For Employees this restriction is valid for their time of employment as well as after their employment has ended. This obligation to secrecy also applies to the company’s internal information, documentation and resources.

Employees and Subcontractors agree to keep confidential and not to disclose, directly or indirectly, any information regarding Key Relocation’s business, including without limitation, information with respect to operations, procedures, methods, accounting, technical data or existing or potential customers, or any other information which Key Relocation has designated as confidential.

Employees and Subcontractors shall not, either during the term of their employment/service delivery or at any time thereafter, disclose any proprietary, secret or confidential information of the company to any third party whatsoever. Employees leaving Key Relocation will be required to return all records, in any format, containing confidential information.

Within Key Relocation the obligation to secrecy extends to co-workers whose job does not require access to a customer’s or co-worker’s confidential information.

Protecting information

Employees and Partners shall secure all documents, work in process, training or other items incorporating any confidential or proprietary information on our encrypted, secure cloud portal, on the rare occasion hard copies are used they are placed in locked file drawers or areas to which access is restricted in order to prevent unauthorized disclosure.

The same regulations apply if work is conducted offsite. Employees shall secure all information taken off-site and prevent its unauthorized disclosure. Using public WIFI or unauthorized networks is strictly prohibited.

Any document, work in process, training or other items incorporating any confidential or proprietary information taken offsite have to be returned to company premises immediately after usage.

Employees and Partners are expressly forbidden to store or transfer confidential information on a non-authorized i.e. non company issued portable device (e.g. USB stick, laptop etc).

Customer Rights

Every data subject has rights in relation to their personal data, including:

  • The right of access – according to Article 15 of the GDPR.
  • The right to rectification – according to Article 16 of the GDPR.
  • The right to erasure – according to Article 17 of the GDPR.
  • The right to restrict processing – according to Article 18 of the GDPR.
  • The right to object – according to Article 21 of the GDPR.
  • The right to data portability – according to Article 20 of the GDPR.

Access to company premises

Access to company premises is restricted and can be granted only when accompanied by company employees.

IT Infrastructure

IT infrastructure must be protected in the company’s and the Employees’ interest and is a key element in securing data privacy. Key Relocation-specific IT Infrastructure regulations are described in more detail below.

Subcontractors confirm that they have implemented adequate IT protection measures within their companies.

Reporting of non-compliances

Any non-compliance needs to be reported as soon as possible and within 2 days of its discovery to dataprotection@key-relocation.ch or directly to a Managing Partner. All breaches will then be reported to and treated under the responsibility of a Managing Partner. An acknowledgement shall be provided to the reporter within one week of the report of an incident.

Adherence to policy and consequences of non-compliance

Adherence to these regulations regarding the usage of electronic systems can be monitored.

An abuse is considered to have occurred if the provisions of these regulations have not been followed or if Employees breach their work duties. If despite all precautions, repeated or heavy offences against these regulations are discovered, the company may order a personal evaluation after issuing a warning and is entitled to seek compensation for any loss or damage.

An abuse is considered to have occurred if the provisions of these regulations have not been followed or if Subcontractors breach their duties during service delivery or any time thereafter. If despite all precautions, repeated or heavy offences against these regulations are discovered, Key Relocation may terminate the relationship with a Subcontractor and be entitled to seek compensation for any loss or damage.

The company reports all criminal offences in connection with child pornography, racism, etc.

The Employees and Subcontractors are fully responsible for security and the adherence to these guidelines when using any physical information, work stations or communication devices.

Ownership, communication and review of Policy

This Data Security Policy is under direct ownership of the Managing Partners at Key Relocation and is subject to an annual review process. The policy will be communicated to key stakeholders by various means and under the responsibility of the Managing Partners. In particular, the following stakeholders need to be notified:

– Employees

– Subcontractors

– Corporate customers

– Private customers

IT Infrastructure of Key Relocation

IT infrastructure must be protected in the company’s and the Employee’s interest.

The use of the company’s infrastructure for private purposes must be held to a minimum and must not impair the obligation to work. The obligation to adhere to the company’s confidentiality interests also applies when using the infrastructure for business purposes, in particular in connection with the storage of business data. Usage of the infrastructure should not leave negative trails which may lead to the company. Irregularities must be reported to a Managing Partner immediately.

The Employee acknowledges that the use of communication may be recorded for technical purposes.

Computer work station and laptop

The selection, acquisition and installation of PCs, electronic agendas, peripheral devices and software are the sole responsibility of the Managing Partners. Programs can be accessed, over-written or even deleted by the Managing Partners at any time. Access to the technical resources is provided through a personal password. It is forbidden to share passwords or to maintain password lists. A business PC may be used only by designated company employees; it is forbidden for another person to use such PCs. Should the employee resign or if the equipment is not being used, the equipment and all accessories must be returned to the Managing Partners immediately.

When an Employee leaves the company, their user accounts within the Key Relocation environment will be deactivated immediately. The Managing Partners have the responsibility to ensure that appropriate security measures are in place for any leaving Employee. Passwords are strictly personal and never to be passed on to a colleague, except upon explicit approval of the Managing Partners.

Virus protection

No e-mail shall be opened which has been received from suspicious parties and/or with a suspicious subject or attachment. Attachments of unknown source shall not be saved to the companies’ media. Special caution is required with data storage devices such as USB sticks, discs, CDs, ZIP drives, etc. since these storage devices may contain viruses as well. Antivirus Software is Installed and maintained by Key Relocation.

Backup

Key Relocation ensures that all Confidential Information is backed up daily. All Backups are encrypted and protected outside of company premises. Access to Backup Infrastructure by unauthorized staff is prohibited.

Server Infrastructure

Access to the Cloud Server containing confidential information is only allowed for authorized Employees. Access is controlled and limited.  User Passwords granting access to confidential data are changed every 90 days.