We thank you for your trust and encourage you to read our data protection policy carefully to learn how and where it will be used.



To better manage your information, Zolliway - Personnel Search and Selection, will save it in the Recruit CRM software. With this tool, it will be able to submit your application in a simple and structured way to client companies for potential professional opportunities. Recruit CRM is software that helps recruitment companies manage the selection process as well as communication with client companies.

You can ask Zolliway to delete or update your information at any time.

  • Here you will find quick links to the Data Protectionand the commitment according to the GDPR by Recruit CRM.
  • Instead, below you will find all the information pertaining to Zolliway's data protection.


With this notice, we would like to explain to you the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of our services, functions, and related content (online and offline), as well as external presences, for example through our social media profiles (hereinafter referred to as "offer"). Regarding the terms used, such as "processing" or "data controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).


Zolliway Sagl.

Via al Gas 8

6850 Mendrisio

+41 91 224 68 88

[email protected]


Contact person: Samuel Zollinger


Data processor

Your personal data is processed by Zolliway Sagl and its employees (hereinafter referred to as "we" or "Zolliway"), registered in the Trade Register in the canton of Ticino, as the Data Processor. However, we delegate part of the data processing operations to our subcontractors and/or clients. The purpose of this document is to describe the measures taken in this specific case to ensure the security of your personal data.

This confidentiality clause applies to the visitors, clients and users of the online offer, the candidates and clients we meet, and the candidates and clients who hand over their data to us by email, online, in hard copy or any other form (hereafter all these groups of interested parties are also referred to as "users").

  • people who use our websites and services, regardless of whether or not they have a personal account;
  • The people we seek to place and for whom we seek employment (applicants);
  • contact persons at our customers, suppliers and business partners;
  • people who subscribe to our communications and newsletters;
  • People applying for our positions through other online portals.

In addition, this confidentiality clause describes.

  • The categories of personal data we collect and process;
  • How we process and protect this information, how long we keep it;
  • To whom we disseminate them;
  • what your data rights are and how you can exercise these rights.


What data do we process?

  • Inventory data (e.g., names, addresses).
  • Contact information (e.g., e-mail, phone numbers).
  • Content data (e.g., text insertion, photographs, videos).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Metadata/communication data (e.g., device information, IP addresses).
  • Should our user ask us to provide you with services, such as a placement with our clients, we record the necessary information, usually contained in a CV, such as:
  • Date of birth, sex, nationality, and residence permit
  • professional qualifications; educational and vocational background; language, computer or other skills; career interests; or any other information useful for the purpose of qualifying you for employment
  • in case you provide us with them, photos and excerpts from criminal records and the enforcement office

Please take note that documents submitted for an application may contain sensitive data under Article 3 letter c of the Federal Data Protection Act (DPA) or special categories of data of a personal nature under Article 9 of the European Union General Data Protection Regulation (GDPR). This may be, for example, data relating to a data subject's political opinion, religious belief, or physical or mental health, or a photo from which his or her ethnic origin can be traced. If you provide this type of information in your application documents, you expressly agree that this information may be stored, processed, and transmitted by us.


For what purpose do we use the data collected?

  • For the provision of our employment search services, the provision of the online offer, its functions and content;
  • Assess your aptitude and qualifications as a job candidate
  • Provide her with employment and job opportunities
  • manage our customer/supplier relationships
  • Provide her with additional services, such as training, career guidance, career transition facilitation
  • Responding to requests to contact and communicate with users.
  • For security measures.
  • For tracking geographic coverage/marketing.
  • Create and manage your accounts on our sites and apps
  • Send her, for example, promotional materials, newsletters, or notices about any vacant positions
  • Undertake direct marketing initiatives, such as promotions, offers, surveys, contests, newsletters, market research, or special events
  • exploit, evaluate, and improve our activities (including analyzing, optimizing, and developing our services; managing our communications; analyzing data; performing internal functions such as compatibility, etc.)
  • Protect against fraud and other illegal activities, seeking to identify and prevent them, as well as in case of enforcement or other claims
  • Provide you with HR services, including social benefits programs, mission dispatch, compensation, performance management, and disciplinary measures
  • perform statistical analyses of data, such as: analyzing our candidate and temporary worker base; assessing individual performance and skills, including assessing the skills inherent in the employment performed; identifying any skills gaps; matching people's profiles with potential employment opportunities; and analyzing "pipeline data" (trends related to hiring procedures).


Terms used

"Personal data" means any information concerning an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., coockie), or one or more features of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.

"Processing" means: any operation or set of operations performed with or without the aid of automated procedures and relating to personal data. The term is very broad and includes virtually any data processing.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures designed to ensure that such personal data is not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

"Data controller" means the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data.

"Data controller" means the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.


The applicable legal bases

Pursuant to Article 13 GDPR, we disclose below the legal basis of our data processing. Where the legal basis is not mentioned in the data protection notice, the following applies. The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 RGPD, the legal basis for processing for the purpose of the performance of our services and for the performance of contractual measures as well as for responding to inquiries is Art. 6(1)(b) RGPD, the legal basis for fulfilling our legal obligations is given by Art. 6(1)(c) RGPD, and the legal basis for processing for the purpose of pursuing our legitimate interests is given by Art. 6(1)(f) RGPD. If the vital interests of the data subject or another natural person make it necessary to process personal data, the legal basis is Art. 6(1)(d) RGPD.

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in accordance with Article 32 GDPR, taking into account the state of the art, the cost of implementation, and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood of the risk occurring and its severity for the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as accessing, entering, transmitting, securing availability and separating them. We have also established procedures to ensure the exercise of data subjects' rights, data deletion, and response to data-related risks. In addition, we consider the protection of personal data already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and protection by default (Art. 25 GDPR).


HOSTING of the data we collect

In order to ensure a simple, fast, intuitive and efficient application process as well as the ability to quickly identify the user's application for a given professional opportunity in line with his or her professional experience and thus increase the chances of success in brokering employment, we rely on the Recruit CRM application. Thus, the data we collect is located in the Recruit CRM application ( ) which relies on Amazon USA's servers for hosting. In addition to this, the collected data can be safeguarded on Microsoft One Drive servers.


Can we transfer your data abroad?

As mentioned above, the collected data is managed by us through the Recruit CRM application and is safeguarded and encrypted on Amazon Web Services (AWS) and Microsoft servers. In addition, if in order to broker a professional opportunity for our user/candidate, we may directly or indirectly (through a client) transfer his/her personal data understood as CV outside the territory of Switzerland, to EU countries (subject to the EU General Data Protection Regulation) or to other countries worldwide.


What are your rights?

The legal framework grants you numerous rights regarding personal data. You can exercise some of these rights yourself by contacting us by phone or email. Some of your main rights include:

  • Right of accessand the right to rectification: you have the right to access your personal data to verify its processing in accordance with the provisions of the law. You also have the right to request correction or completion of your personal data to ensure that the processing is correct. Art. 16 GDPR
  • Right to erasure("right to be forgotten") and right to restrict processing: you have the right to request us to erase your personal data or stop processing it if we are unable to erase it. art. 17 RGPD
  • Right to object: you have the right to object at any time to the processing of your personal data by us, on the grounds provided by law, without having to justify your decision. art. 21 GDPR
  • Right to object to decisions made by automated means.: also covers profiling, but specifically regulates the use of cookies.

When processing is done with your consent, you have the right to revoke this consent at any time with effect for the future.

Although the deletion takes place in our database, our service providers can keep a security backup of the data for a limited period of 6 months, after which the deletion will be final.


Cookies and the right to object in relation to direct marketing

"Cookies" are files that are stored on the user's computer. Different data can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the coockie is stored) during or after visiting websites. Temporary cookies, or "session cookies" or "transient cookies," are cookies that are deleted after the user exits an online offering and closes the browser. In such a cookie, for example, the contents of a shopping cart in an online store or login status can be stored. Cookies are called "permanent" or "persistent" and remain stored even after the browser is closed. For example, login status may be saved when users visit after several days. Similarly, users' interests used for geographic coverage tracking or marketing purposes may be stored in such a cookie. "Third-party cookies" are cookies offered by providers other than the provider of the online offering (otherwise, if they are only third-party cookies, they are referred to as "proprietary cookies").

We may use temporary and permanent cookies and clarify this point within our data protection policy.

If the user does not want cookies stored on his or her computer, he or she is asked to disable the corresponding option in the system settings of the browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies may lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be declared for a plurality of services, particularly in the case of tracking, through the U.S. site or the EU site In addition, you can store cookies by disabling them in your browser settings. Please note that in this case you cannot use all the functions of this online offer.


Updating our confidentiality clause.

This confidentiality clause (with its appendices) may be amended at any time to reflect changes in our confidentiality practices or changes in the legal framework. In the event of a substantive amendment, we will do everything in our power to inform you, particularly through a message on our website. In any case, we recommend that you check the version of this clause, the one posted on our website being the authentic version.

How long do we keep your personal data?

We keep personal data in our systems for as long as necessary for processing and fulfilling our legal obligations. This time is quantified by us by considering:

  • The need to have the data in order to offer you the agreed services
  • Our legitimate interests, as described in this document
  • compliance with our legal obligations


Information on data protection in the application process

Candidate's data are processed by us only for the purpose and within the scope of the application procedure in accordance with the provisions of the law. Candidate data is processed to fulfill our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 (1) (b) and (f) RGPD, if data processing is necessary for us, e.g. within the scope of legal procedures.


The application process requires applicants to provide us with their data. If we provide an online form, the necessary candidate data are marked, otherwise they result from the job description and generally include personal data, postal and contact addresses, and documents related to the application, such as cover letter, resume, and certificates. In addition, applicants may voluntarily provide us with additional information.


By submitting an application, applicants consent to the processing of their data for the purpose of the application process in accordance with the type and scope outlined in this data protection notice.


If certain categories of personal data within the meaning of Article 9(1) RGPD are disclosed voluntarily as part of the application process, their processing takes place, in addition, in accordance with Article 9(2)(b) RGPD (e.g., data relating to health, serious disability status, or ethnic origin). If special categories of personal data within the meaning of Article 9(1) RGPD are requested from applicants during the application process, their processing takes place, in addition, in accordance with Article 9(2)(a) RGPD (e.g., health data, if necessary for the exercise of the profession).


Where such a mode is available, candidates may send us their applications via an online form on our website. Candidates may also send us their applications by e-mail. Note, however, that e-mails are generally not sent in encrypted form, and candidates themselves must ensure that they are encrypted. Therefore, we take no responsibility for the transmission path of the application between the sender and receipt on our server. Instead of using online application and e-mail, candidates can still send their application to us by mail or deliver it short hand.


Until a revocation occurs, data collected as part of an application process remains in our system for the purpose of filling vacancies at a later date. In addition, this is also for the purpose of answering any clarification questions about the application so that we can meet our burden of proof under the Equal Treatment Act.

As part of the application process, we offer candidates the opportunity to be entered into our system on the basis of consent in accordance with Art. 6(1)(b) and Art. 7 RGDP.


Application documents will be processed only in the context of future job advertisements and the search for employees.
When you contact us (e.g., via contact form, e-mail, telephone, or social media), your information is processed for the purpose of processing your contact request and fulfilling it in accordance with Art. 6(1)(b) RGDP. User information may be stored in a customer relationship management system ("CRM system") or similar request management system.

We delete requests if they are no longer needed. Legal filing requirements also apply.


With the following information we inform you about the content of our newsletter, as well as the procedure of registration, sending and statistical evaluation and your rights to object. By subscribing to our newsletter you consent to the receipt and procedures described.

Newsletter content: we send newsletters, e-mails, and other electronic messages containing advertising information (hereinafter referred to as "newsletters") only with the recipients' consent or legal authorization.


If the contents of a newsletter are specifically described as part of a registration, they are decisive for users' consent. In addition, our newsletters contain information about our services and about us.


The sending of the newsletter and the related measurement of results are based on the recipient's consent pursuant to Art. 6 (1) (a), Art. 7 GDPR in conjunction with Art. 7 para. 2 no. 3 LCD or, in the absence of such consent, on our legitimate direct marketing interests pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 7 para. 3 LCD.

The subscription process is recorded based on our legitimate interests under Art. 6(1)(f) RGDP. We are interested in the use of a secure and user-friendly newsletter system that serves both our business interests and users' expectations and allows us to provide proof of consent.

Unsubscribe/Revocation: you can unsubscribe from our newsletter at any time, or revoke your consent. You will find an unsubscribe link at the end of each newsletter. We may store e-mail addresses that we have deactivated based on our legitimate interests in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. A single request for deletion is possible at any time, provided that at the same time the previous existence of consent is confirmed.


Newsletter - Mailchimp

The newsletter is sent by the sending service provider "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection policies of the sending service provider can be found here: Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield agreement and thus offers a guarantee of compliance with the European level of data protection ( The sending service provider is used on the basis of our legitimate interests under Article 6(1)(F) RGPD and a processing agreement under Article 28(3), first sentence, RGPD.

The sending service provider may use recipient data in pseudonymized form, i.e., without attribution to a user, to optimize or improve its services, for example, to technically optimize the sending and presentation of the newsletter or for statistical purposes. However, the sending service does not use the data of our newsletter recipients to write to them directly or to communicate them to third parties.


Newsletter - Measuring results

Newsletters contain a so-called "web-beacon," i.e., a pixel-format file that is downloaded from our server when the newsletter is opened or, if we use a sending service provider, from that provider's server. As part of this search, technical information is initially collected, such as browser and system information, as well as the IP address and time of the search.

This information is used to technically improve services based on technical data or target groups and their reading behavior based on retrieval location (which can be determined using IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. Although, for technical reasons, this information can be attributed to individual newsletter recipients, however, it is not our purpose, nor that of the sending service provider possibly employed, to monitor individual users. Rather, we use the ratings to recognize the reading habits of our users and to tailor our content to them or to send differentiated content according to the interests of our users.

A separate revocation of the results measurement is unfortunately not possible, in which case the entire newsletter subscription must be cancelled.


Hosting and emailing

The hosting services we use are to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services, and technical maintenance services that we use in order to operate this online offering.

We or our hosting provider process inventory data, contact data, content, contractual data, usage data, metadata, and communication data of customers, data subjects, and visitors of this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering within the meaning of Art. 6 (1) (f) RGPD in conjunction with Art. 28 RGDP (stipulation of the processing contract).


Collection of access data and log files

We or our hosting provider collect the following data based on our legitimate interests under Art. 6(1)(f) GDPR on each access to the server on which this service is located (so-called server log files). Access data include the name of the visited website, the file, the date and time of access, the volume of data transferred, notification of successful access, the browser type and version, the user's operating system, the referrer URL (the page previously visited), the IP address, and the requesting provider.

Log file information is stored for up to 12 months for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the relevant event has been finally clarified.


Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called "website tags" via an interface (and thus integrate, for example, Google Analytics and other Google marketing services into our online offering). Tag Manager itself (which implements the tags) does not process any personal data of users. Regarding the processing of users' personal data, please refer to the following information regarding Google services. Usage Guidelines:


Google Analytics

Based on our legitimate interests [i.e. interest in the analysis, optimization and economic operation of our online offerings within the meaning of Art. 6(1)(f) RGDP] we use Google Analytics, a web analytics service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie about users' use of the online offering is generally transferred to a Google server in the United States and stored there.

Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law (

Google will use this information on our behalf to evaluate users' use of our online offering, to compile reports on activities within this online offering, and to provide us with additional services associated with the use of this online offering and the Internet. Pseudonymized user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google abbreviates the IP address of users within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

The IP address transmitted by the user's browser is not combined with other data from Google. You may prevent the storage of cookies by setting your browser software accordingly; you may also prevent Google from collecting data generated by the cookie and related to your use of the online offer as well as Google's processing of such data by downloading and installing the browser plug-in available at the following link:

More information about Google's use of data, possible settings and objections can be found in Google's data protection policy ( and in the settings for the presentation of advertisements by Google (

Users' personal data will be deleted or anonymized after 14 months.


Google AdWords and conversion measurement

Based on our legitimate interests [i.e., the 'interest in the analysis, optimization, and economic operation of our online offerings within the meaning of Section 6(1)(f) RGDP], we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection regulations (

We use Google's "AdWords" online marketing procedure to place ads in Google Advertising Network (e.g., in search results, in videos, on websites, etc.) so that they are presented to users who have a presumed interest in the ads. This allows us to present ads for and within our online offerings more specifically in order to present users with only those ads that potentially match their interests. For example, if a user is shown ads for products in which they are interested in other online offerings, this is referred to as "remarketing." For this purpose, when accessing our and other websites where Google Advertising Network is active, Google directly runs a code from Google and (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the site. Thanks to them a single cookie, i.e. a small file, is stored on the user's device (similar technologies can be used instead of cookies). This file contains the websites visited by the user, content of interest to the user and offers the user clicked on, technical information about the browser and operating system, referring websites, the period of the visit, and additional information about the use of the online offer.

We also receive an individual "conversion cookie". The information collected with the help of cookies is used by Google to generate conversion statistics for us. However, we only see the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

User data is processed in a pseudonymized manner within Google's advertising network. This means that Google does not store and process, for example, users' names or e-mail addresses, but processes relevant data saved by cookies within pseudonymized user profiles. This means that, from Google's point of view, ads are not managed and presented for a specifically identified person, but for the holder of the cookie, regardless of who that holder is. This does not apply if the user has expressly authorized Google to process the data without such pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the United States.

More information about Google's use of data, possible settings and objections can be found in Google's Data Protection Policy ( and Google's Ads Submission Settings (


Online presence in social media

We have an online presence within social networks and platforms to communicate with active, interested customers and users and to inform them about our services. For access to the respective networks and platforms, the general terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection policy, we process data from users who communicate with us within social networks and platforms, such as by writing articles on our websites or sending us messages.