Data protection declaration

General data protection policy

Data Protection Policy of SOCAR Energy Switzerland GmbH

Version effective as of 01 July 2023

In this Data Protection Statement we, SOCAR Energy Switzerland (hereinafter together SOCAR, we or us), explain how we collect and further process personal data in the scope of our business. This Data Protection Statement is not necessarily a comprehensive description our data processing. The term “personal data” in this Data Protection Statement means any information that identifies, or could reasonably be used to identify any person.

This Data Protection Statement complies with EU General Data Protection Regulation (“GDPR”). Although GDPR not relevant for us it still may apply. The Swiss data protection legislation (“FADP”) is very much influenced by EU law.

If you provide us with personal data (such as family members or working colleagues), please make sure that this person is aware of this Data Protection Statement and only provide us, if you are allowed to do so and if such personal data is correct.

1. Controller and Notification 
The "controller" of data processing as described in this data protection statement (i.e. the responsible person) is SOCAR Energy Switzerland GmbH, Nüschelerstrasse 24 in 8001 Zurich, Switzerland.

You can notify us of any data protection-related concerns using the following contact details: 
SOCAR Energy Switzerland GmbH, Nüschelerstrasse 24 in 8001 Zurich, Switzerland
Tel: +41 44 214 41 11 and per email: data.controller@socarenergy.com.

2. Which personal data does SOCAR process?
We primarily process personal data, that we obtain from our customers and other business partners and individuals in the context of our business relationships or that we collect from users when visiting our website, our apps and any other applications.

In so far as permitted to us, we obtain personal data from publicly accessible sources (e.g. debt- or land- or commercial registers, press, internet) or from our customers and their employees, from authorities, courts, arbitral tribunals or any other third parties such as credit rating agencies, insurances, brokers, power or any legal or tax or media advisors.

We receive personal data from interested persons using our website for job vacancies or filling out a request form for a SOCAR’s fuel card for private customers or from any email queries in general or press or operations or sponsoring or sales purposes. Apart from data you provided to us directly, the categories of data we receive about you from third parties include, but are not limited to, information from public registers, data received in connection with administrative or court proceedings, information in connection with your professional role and activities, information about you in correspondence and discussions with third parties, credit rating information, information about you given to us by individuals associated with you (family, consultants, legal representatives) in order to conclude or process contracts with you or with your involvement, information regarding legal regulations such as anti-money laundering or export restrictions, bank details, information regarding insurance and other business partners for the purpose of ordering or delivering services to you or by you (e.g. payments made), information about you found in the media or internet (insofar as indicated in the specific case, e.g. in connection with job applications, media reviews, marketing/sales), your address and any interests and other socio-demographic data (for marketing purposes), data in connection with your use of our websites (e.g., IP address, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visits, sites and content retrieved, applications used, referring website, localization data).

3. Purpose of Data Processing and Legal Grounds
In line with applicable law and where appropriate SOCAR may process your personal data and the personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties’) legitimate interest, such as:

  • SOCAR processes employee data from our business partners;
  • providing and developing our products, services and websites, apps and other platforms, on which we are active;
  • communication with third parties and the processing of their requests (e.g. job applications, media requests, requests from our SOCAR contact webpage);
  • for customer acquisition such as private customers in filling out a SOCAR Cards request form on our website and providing SOCAR and our data processor personal data;
  • for SOCAR’s customer management in respect of our management software (SAP) in order to maintain your personal data including payment data and to provide you the respective service in accordance the contract that we have concluded, for updating your personal data in case of any changes, for our preparation of sales team for renewing the contract and for improving our services; 
  • for advertising and marketing including organizing events provided that you not objected to the use of your data for this purpose (if you are part of our customer base you may receive advertisement, you may object at any time to receive such advertisement);
  • for market research and media surveillance;
  • for asserting legal claims and defense in legal disputes and official proceedings;
  • ensuring our business operations, including our IT, our websites, apps and other applications;
  • for prevention and investigation of criminal offences and other misconduct;
  • video surveillance to protect our domiciliary rights and other measures to ensure the safety of our premises as well as protection of our employees and other individuals and assets (such as access controls on the head office and gas stations, visitor logs, network and mail scanners);
  • for possible corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of SOCAR.

If you have given SOCAR your consent to process your personal data for certain purposes (for example when registering for a SOCAR sweepstake), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, as long as we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

4. Cookies / Tracking and other techniques regarding the use of our Website?
This website uses cookies and similar technologies, which allow for identification of your browser or device.

For the details of our Cookies used we refer you to our Cookies Statement on our website.

5. To whom do we transfer data and data transfer abroad?
In the context of our business activities and in line with the purposes of the data processing set out in Section 3, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients («Recipients») may be concerned: 

  • our service providers (within the SOCAR group or to third parties, such as e.g. customer service centers, banks, insurances), including processors (such as e.g. IT or HR providers);
  • partners, suppliers, subcontractors and other business partners;
  • customers;
  • domestic and foreign authorities or courts as well as arbitral tribunals;
  • the media;
  • parties interested in corporate transactions;
  • the public, including users of our website and social media;
  • other parties in possible or pending legal proceedings.

SOCAR is set up with IT storage facilities in Switzerland. Certain Recipients are in Switzerland and some are in Germany, Netherlands and Czech Republic.

If we transfer data to a country without adequate legal data protection, we ensure an appropriate protection or on binding corporate rules or rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned.

6. Retention periods of your personal data?
We process and retain your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company (i.d. particularly during legal prescription periods) or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, as far as possible. In general, shorter retention periods, of no more than twelve months, apply for operational data (e.g. system logs).

7. Data Security
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse such as internal policies, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, inspections.

8. Obligation to provide data to us

In the context of our business relationship, you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations. As a rule, there is no statutory requirement to provide us with data. Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g., IP address).

9. Your rights
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectify and erase of your personal data, the right to restriction of processing or to object to our data processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights incurs costs for you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 32 above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been agreed upon contractually.

In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.

In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

10. Amendments of this Data Protection Statement
We may amend this Data Protection Statement at any time without prior notice. The current version published on our website shall apply. If the Data Protection Statement is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.

Privacy policy for video surveillance

Video surveillance

We take data protection very seriously and process your data with great care in accordance with the applicable statutory requirements. Transparent information forms part of effective data protection. For this reason, we wish to inform you about video surveillance at our fuel stations and shops in this data protection declaration. You can find information about further ways in which we process your personal data in our general data protection declaration.

Responsible controller for video surveillance within the meaning of data protection:

SOCAR Energy Switzerland GmbH, Nüschelerstrasse 24, 8001 Zurich, Switzerland

You can send all data protection concerns to us using the following contact details:

SOCAR Energy Switzerland GmbH, Nüschelerstrasse 24, 8001 Zurich, Switzerland, telephone: 0041 44 214 41 11 and by email: data.controller@socarenergy.com

Purpose of video surveillance:  
To protect our fuel stations and products, to ensure safety for our staff and third parties, and to prevent and detect offences.

Recipients or categories of recipients:
In the event of a suspected offence, in order to assert claims under civil law and in the case of a statutory obligation, the video recordings may be shared with the competent bodies such as law enforcement authorities or a company commissioned with the assertion of our claims.

Storage duration:
The data shall only be stored by us or our commissioned third parties for as long as necessary for the respective purpose. After this time, the data shall be deleted. Deletion occurs no later than once the purpose of the preservation of evidence has been achieved.