Privacy Policy

We would like to inform you below about the collection and processing of personal data in the context of the usage of the following msg global solutions services:

  • SAP Sustainability Control Tower (SCT) with Sustainability Reporting Core (SRC)

Data protection and information security are particularly important to us. For this reason, precautions have been taken to protect your privacy. Your personal data will only be processed if processing is necessary to comply with a legal obligation, if this is necessary for the fulfillment of a contract, to guarantee predominantly legitimate interests or if you have expressly consented to it.

Responsible and Data Protection Officer

Responsible for the processing of your personal data according to the GDPR is:

msg global solutions ag
Thurgauerstrasse 39
8050 Zürich/Oerlikon
Switzerland

The Data Protection Officer can be reached by post at the above address with the addition - Data Protection Officer - at:

Email: dataprotection@msg-global.com

 

Legal Basis for the Processing

For reasons of data protection law, the processing of your data is only permitted if you consent to the data processing operations (Art. 6 (1 a) GDPR). By accepting this policy, consent to the processing of the described data is given.

In case pseudonymized data is kept stored, this will be processed for the purposes of legitimate interests (Art. 6 (1 f) GDPR).

If personal information is processed on the basis of your consent, you have the right to revoke your consent to us at any time with future effect.

If we process data based on legitimate interests according to Art. 6 (1 f) GDPR, you, as the person concerned, have the right to object to the processing of your personal data, taking into account the requirements of Art. 21 GDPR.

 

Which personal data do we process and for which purposes?

We process the various types of about you when conducting its business, including:

      • personal contact data

msg global solutions processes the following categories of personal data as contact data: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers, and your relationship history with msg global solutions.

      • personal data related to your business relationship with msg global solutions

In the context of established business relationships, msg global solution processes the business partner’s company name, industry, your job title and role, department and function and your company’s relationship history to msg global solutions. If you provide a credit card number or bank details to order products or services, msg global solutions will collect this information to process your payment for the requested products or services.

      • personal data msg global solution must collect due to legal- and compliance-related purposes

If required by statutory law or regulation, msg global solutions may process data categories like date of birth, academic credentials, identity cards or other ID numbers, geolocation, business partner relevant information about e.g., significant litigation or other legal proceedings, and other export control or custom compliance relevant information.

      • service-related personal data

msg global solutions processes service-related personal data in consultation with and with the consent of the customer. 

 

We process your personal data to:

          • pursue its business relationships with you
          • develop and offer you its software products, cloud and other services
          • protect the quality and safety of its products or services
          • secure and, if necessary, defend its protected legal assets against unlawful attacks, assert our rights or defend msg global solutions against legal claims
          • ensure compliance with statutory laws and regulations applicable to msg global solutions
          • transfer it to recipients like other entities of the msg global solutions group, third-party service providers, msg global solutions partners and others

Processing for the aforementioned purposes is permitted pursuant to Art. 6 (1) b) GDPR, as the processing operations are necessary to enable you to use our services and products.

 

Who are the recipients of your personal data?

Your personal data may be passed on to the following categories of third-parties: 

Entities of the msg global solutions group

As msg global solutions is selling its products and services to its customers only via local business relationships, msg global solutions may transfer your personal data to the locally relevant msg global solutions group entity for the purpose and to the extent necessary to conduct a business relationship. Other entities of the msg global solutions group may also receive or gain access to personal data either when rendering group internal services centrally and on behalf of msg global solutions ag and the other msg global solutions group entities or when personal data is transferred to them on a respective legal basis. In these cases, these entities may process the personal data for the same purposes and under the same conditions as outlined in this privacy statement. The current list of msg global solutions group entities can be found here. If you would like to find out which msg global solutions group entity is responsible for the business relationship with you, please contact us at hello@msg-global.com. 

Third party service providers

msg global solutions may engage third party service providers to process personal data on msg global solutions behalf. These service providers may receive or are granted with access to personal data when rendering their services and will constitute recipients within the meaning of the relevant DP law, including GDPR. The current list of msg global solutions third party service providers can be found here.

 

How long will your data be stored?

msg global solutions processes your personal data only for as long as it is required:

          • to make products and services requested by you or your employer available to you
          • for msg global solutions to comply with statutory obligations to retain personal data, resulting inter alia e.g. from applicable export, finance, tax or commercial laws
          • to fulfill msg global solutions legitimate business purposes as further described in this privacy statement, unless you object to msg global solution use of your personal data for these purposes
          • until you revoke a consent you previously granted to msg global solutions to process your personal data. To learn more about how you may revoke consent, please see guidance below in section titled “What are your data protection rights?”.

msg global solutions may process your personal data for product or service development until this no longer necessary or msg global solutions is informed that your relationship with the msg global solutions customer has changed. 

msg global solutions may retain your personal data for additional periods if necessary for compliance with legal obligations to process your personal data or if the personal data is needed by msg global solutions to assert or defend itself against legal claims. msg global solutions will retain your personal data until the end of the relevant retention period or until the claims in question have been settled.

 

What are your data protection rights?

msg global solutions technical and organizational security measures to ensure that your personal data is protected from loss, inaccurate changes or unauthorized access by third parties. Only authorized persons based on our role concept will have access to your personal data. Access is also granted only to the extent necessary for the purposes set out above.

1. Rights of Access

You have the right to obtain from the responsible the confirmation as to whether or not personal data concerning you are being processed. If such processing occurs, you can request from the responsible access to information related to this processing.

2. Right to rectification

You have the right to obtain from the responsible the rectification and/or completion of inaccurate/incomplete personal data concerning you. The responsible must proceed with the rectification without undue delay.

3. Right of restriction of processing

You may request the restriction of the processing of your personal data under certain conditions pursuant to art. 18 GDPR.

4. Right to erasure (Right to be forgotten)

a) Duty to delete

You may require the responsible to delete your personal information without delay, and the responsible is required to delete within the legal boundaries.

b) Information to third parties

Where the responsible has made personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the responsible, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such responsible of any links to, or copy or replication of, those personal data, as far as processing is not required.

c) Exceptions

The right to erasure does not exist if the processing is necessary

          1. to exercise the right to freedom of expression and information.
          2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the responsible is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the responsible.
          3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR.
          4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
          5. to assert, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of processing to the responsible, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

6. Right to data portability

You have the right to receive personally identifiable information you provide to the responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

          1. the processing is based on a consent acc. Art. 6 (1) a GDPR or Art. 9 (2). a GDPR or on a contract acc. Art. 6 (1) b GDPR and
          2. the processing is done by automated means.

Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible.

7. Right to object

You have the right, on grounds relating to your particular situation, at any time, to object the processing of your personal data, which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.

If the responsible processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing.

8. Right to appeal to a competent data protection supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates against the GDPR.

9. Right to withdraw your consent

You have the right to withdraw your consent to processing of personal data at any time. The withdraw of consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

Changes of this privacy policy

We revise this Privacy Policy for changes to the Sustainability Reporting Services or other occasions that may require it. You will always find the current version on this website.

Version: 23-11-2023

© 2023 msg global solutions ag

© 2025 msg global solutions ag