Page 1

Federal Data Protection and Transparency Officer
PFPDT

Treatment guide
personal data
in the labor sector
Processing by private individuals

Status: October 2014

Feldeggweg 1, 3003 Bern
Phone. 058 463 74 84, Fax 058 465 99 96
www.edoeb.admin.ch

Page 2

Contents
1.

Introduction: data protection in the workplace ........................................ ..... 3

2.
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.2
2.2.1
2.2.2
2.3

Processing of personal data in general ............................................ .................. 4
Federal law on data protection ........................................... .................................. 4
General principles of data processing ............................................ ......................... 4
Processing of personal data by private persons .......................................... 5
Responsibility ................................................. .................................................. ...................... 5
Consequences of personal injury .......................................... ............................... 5
Code of Obligations ............................................... .................................................. .............. 6
Protection of the employee's personality .......................................... ................................... 6
Restrictions on data processing ............................................. ..................................... 6
Other provisions ................................................ .................................................. ................ 7

3.
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.3
3.3.1
3.3.2
3.3.3

What are the authorized data processing operations? .................................................. ......... 8
During the candidate selection process ........................................... ....................... 8
Publication of a job offer .......................................... .................................................. .. 8
Application file and interview ............................................. ........................................... 8
Recruitment tests ............................................... .................................................. ............. 9
Health / Insurance questionnaire ............................................. ...................................... 10
Medical fitness report ............................................. .................................................. .... 10
Genetic analysis ................................................ .................................................. ............... 10
Drug tests on apprentices .......................................... .................. 10
Placement of personnel and rental of services ........................................... ....................... 11
Non-engagement ............................................... .................................................. ................. 11
During the employment relationship ........................................... ................................... 11
Personnel files ............................................... .................................................. ......... 11
Obligation to declare files ............................................. ............................................ 12
Permission to access .............................................. .................................................. ......................... 12
Right to rectify data ............................................ ........................................... 13
Communication of data to third parties ............................................ .................................... 13
After the end of the employment relationship ........................................... ............................................ 14
Storage ................................................. .................................................. ...................... 14
Placement of personnel and rental of services ........................................... ....................... 14
Permission to access .............................................. .................................................. ......................... 14

4.
4.1
4.2
4.3
4.3.1
4.3.2
4.3.3
4.4
4.5

Use of workplace monitoring and control systems ............... 15
General remarks ................................................ .................................................. ......... 15
Some examples ................................................ .................................................. ............ 15
Telephone data recording .............................................. ............................ 16
Subscriber numbers .............................................. .................................................. ................ 16
Content of conversations ............................................... .................................................. . 16
Prohibition of private communications .............................................. ................................ 16
Surveillance for security reasons ............................................ ................................ 17
Directives of the International Labor Organization .......................................... .................. 17

5.

Conclusion ................................................. .................................................. ........................ 19

6.
6.1
6.2

Annex ................................................. .................................................. .............................. 20
Legislative acts ................................................ .................................................. ................... 20
Works ................................................. .................................................. ............................ 20

2/20

Page 3

1. Introduction: data protection at the place
working
The federal law of 19 June 1992 on data protection (LPD), the revised version of which entered into
force on 1 st January 2008, governs the processing of personal data by private persons. It
regulates in particular the processing of data that employers (hereinafter employers)
deal with their employees (hereinafter employees).
This guide is intended for both employees and employers; in particular he answers questions
following:
• What data is the employer authorized to process?
• How should he proceed?
• Is it required to inform its employees about this data processing?
• Should he save his personnel files?
• How long can the data it processes be kept?
In the first part, the guide provides an overview of the main legal standards applicable to the protection of
tion of data in employment reports. In the second part, he comments on some examples
concrete data processing, from the submission of an application until the termination of the reports
of work, through engagement. Finally, it examines the question of the use of monitoring systems.
control or monitoring of workstations.
A separate guide covers the use of internet and e-mail in the workplace and specifies
the conditions under which the employer can monitor Internet browsing and electronic mail
nique of its staff. This guide can be consulted on the site www.leprepose.ch.

3/20

Page 4

2. Processing of personal data in general
This chapter comments on the legal provisions applicable to data protection on the
workplace, in particular those of the Data Protection Act and Art. 328b of the code of
obligations 1 .

2.1 Federal Data Protection Act
Data processing carried out by private employers is mainly governed by the principles
general defined in the matter (art. 4 to 7), by the provisions relating to the right of access (art. 8 and 9) and
by the provisions on the processing of personal data by private persons (arts. 12 to 15).

2.1.1 General principles of data processing
Art. 4 to 7 LPD set out the principles that the employer must respect when processing personal data.
nelles.
Personal data can only be collected lawfully . In other words, they cannot
may be obtained by threat or deception, or without the person concerned being informed. The Treatyment of the data must be carried out in accordance with the principle of good faith , i.e. it must
be recognizable to the person concerned. Data processing must also respect the principle of
proportionality , which means that if as much data has to be processed as required by the specific case, it
also need to process as little data as possible.
The collection of personal data and in particular the purpose of their processing must be acknowledged.
sands for the affected person. The requirement of recognizability introduced by the revision of the LPD
embodies the principle of good faith and thus aims to make data processing more transparent.
This principle means that the data subject must be able to recognize, under normal conditions,
that data concerning it has been or could be collected (predictability). This person must
in particular to know the purpose of the data processing or to be able to note that the purpose was indicated during
collection or as the circumstances show.
The LPD lays down other general principles: only correct data can be processed.
mentally; data should only be processed for the purpose indicated when it was collected; if donations
born must be communicated abroad, it must be ensured that the personality of the persons involved
identified will not be threatened. In certain cases, the communication of data abroad
must be previously declared to the Federal Data Protection and Transparency Officer.
Finally, the LPD requires that personal data be protected by technical and orderly measures.
appropriate organizational measures against unauthorized processing, which means, for example, that
only authorized persons will be able to have access to a database.
You will find more information on these different points in the other guides of the Agent.
federal data protection and transparency, in particular in the Guide to the processing of

1

Art. 328b: 3. When processing personal data. The employer can only process data concerning the worker
insofar as these data relate to the worker's aptitudes to perform his job or are necessary for the performance of the
employment contract. In addition, the provisions of the federal law of June 19, 1992 on data protection are applicable.
4/20

Page 5

personal data in the private sector, in the Guide to personal data processing
in the federal administration and in the Guide to technical and organizational measures
Data protection.

2.1.2 Processing of personal data by private parties
According to art. 12 LPD, the processing of personal data by private persons is permitted for
as long as it does not unlawfully harm the personality of the persons concerned. There is infringement
unlawful personhood when personal data is processed in violation of the general principles
to the aforementioned or against the express will of the person concerned. There are also atunlawful personality tint when personality profiles or sensitive data such as
political opinions or data relating to health, are transmitted to third parties without a justifiable reason.
ficative. On the other hand, there is no unlawful infringement of personality when the person concerned has made the
data accessible to everyone and has not formally opposed their processing.
Processing of personal data is permitted when justified, for example, by consent
of the data subject, by an overriding private or public interest, or by law (art. 13, para. 1, LPD).
Art. 13 lists several other cases in which the overriding interest of the person dealing with
personal data can be relied on. The judge decides in the case in point whether there is a justifiable reason or
no.
Applied to the labor sector, these provisions mean that the employer has an overriding interest in the
processing of data relevant to work within the limits of article 328b CO.

2.1.3 Responsibility
It is the responsibility of the controller of the file, i.e. the person who decides on the purpose and content of the file (art.
3, let. i, LPD), to ensure that the data protection provisions are respected. This
rule also applies when data processing is entrusted to a third party (to a data center,
for example). The principal is required to ensure that no processing is carried out other than that
which he himself is entitled to perform (art. 10a, para. 1, letter a, LPD).
The same applies when a group of companies entrusts all or part of the management of its personnel to
one of its subsidiaries. The latter are in fact considered as third parties with regard to the legislation.
on data protection.

2.1.4 Consequences of personal injury
Art. 15 LPD makes it possible to initiate actions or take measures in order to protect the personal
you. The data subject may demand that the data concerning him be rectified or destroyed, or
that their communication to third parties is prohibited. It can also bring an action for damages.
and interest or appeal.
Whether a method of treatment is likely to harm the personality of a significant number
of persons (Art. 29, para. 1, letter a, LPD), the Federal Data Protection and Transparence may establish the facts on its own initiative or at the request of third parties and, where appropriate, issue
a recommendation against the faulty file master.

5/20

Page 6

The person concerned can also initiate criminal proceedings for breach of the duty to discreation (art. 35 LPD).
The legal remedies provided for in the labor law (LTr, in particular art. 59) are reserved.

2.2 Code of Obligations

2.2.1 Protection of the employee's personality
By virtue of art. 328, al. 1, of the Code of Obligations (CO), the employer must, in the employment relationship,
protect and respect the personality of the employee. This provision induces a general obligation
of assistance from the employer vis-à-vis its employees, an obligation which is the counterpart of the duty to
loyalty assigned to the employee by art. 321a CO. The employer must refrain from any personal injury
nature of the employee which is not justified by the employment contract. He also has a duty to prevent,
within the framework of the employment relationship, only hierarchical superiors, collaborators or third parties
do not affect the personality of the employee.
The employer's general duty of assistance - which is also defined as the duty to abstain
of anything that could harm the legitimate interests of the employees - leading among other things to
restrict the processing by the employer of employee data. The personal situation of
the employee, his qualities and inclinations, unless they have a major influence on his skills.
professional terms, do not concern the employer in any way, who must not question the employee or seize
of data on this subject (art. 328b CO). It is forbidden to circumvent this standard by entrusting to third parties
(for example to evaluation companies) of data processing that the employer is not in
right to perform himself (Art. 10a, para. 1, letter a, LPD).
The CO also assigns the employer the obligation to inform employees about their rights.
The employer must therefore inform employees about the scope of social benefits provided by
the company, on the conditions of access to these services and on the social institutions at its disposal.
Likewise, he must inform them of the rights conferred on them by the law on data protection, in particular
the right of access.

2.2.2 Restrictions on data processing
Art. 328b CO, enacted specifically for the employment contract, entered into force at the same time as
data protection law. It specifies the general principles of data processing set out
cés to art. 4 LPD, in particular the principle of proportionality. According to the CO, the employer cannot process
of data concerning its employees only within well-defined limits and only within the
two following cases:
• before the conclusion of the employment contract and during its execution, it may process data concerning
the candidates (hereafter candidates) in order to determine whether they are suitable for the
position in question;
• during the duration of the engagement, it can process the data relating to the employee which are necessary
necessary for the performance of the employment contract.
It can in no case be derogated from art. 328b CO to the detriment of the employee, even if the latter
consent (art. 362 CO).
6/20

Page 7

2.3 Other provisions
Other provisions regulating in particular the communication of data by the employer to
authorities are set out in special laws such as the AVS legislation. Ordinance 3 relating to
the 1993 Labor Act contains an important provision on the supervision of employees (see ch.
4).
In some cases, the employer may also violate penal provisions, in particular
those which regulate the violation of the secret domain or the private sphere (art. 179ss CP).

7/20

Page 8

3. What are the authorized data processing operations?
This chapter examines the different stages of the employer / employee relationship, from the process
duration of the selection of candidates until the end of the employment relationship, including the professional engagement
previously said. In general, you should know that sensitive data and personality profiles
relating to the employee can be dealt with both during the candidate selection process and
for the duration of the employment relationship and after its termination.

3.1 During the candidate selection process

3.1.1 Publication of a job offer
Job offers are sometimes published in the form of classified ads, without indication of
the employer or the company recruiting the staff. Employment agencies and service providers
vices do not have the right to adopt such a practice. According to art. 7, al. 1, and 18, al. 1, of federal law
rale on the service of employment and the hiring of services (LSE), in fact, the agent or the lessor cannot
publish job offers or applications only under their own name and indicating their address
exact. In addition, service providers should clearly state in announcements that contractors
valuers will be engaged for the rental of services (art. 18, para. 1, LSE).
If the employer, despite repeated requests, has not returned their application files to employees
people who responded to the ad, the publisher of the newspaper or the company that published the ad must
communicate to said persons the identity of the employer. This is the only way for applicants to
post to assert their right of access.

3.1.2 Application file and interview
The application file can only be viewed by authorized persons, that is to say, generally
ral, by the personnel department or by the hierarchical superior.
The employer can only ask the candidate for the information he needs to determine whether this
the latter meets the requirements of the position given the nature of the business. Only can therefore
be required the documents and information intended to establish the candidate's ability to fulfill
these requirements. When the position to be filled is a cashier position, for example, the employer can
ask if he has ever been convicted of breach of trust. But systematically question the candidats on their criminal record would go far too far.
Questions concerning training as well as career paths and professional prospects are
generally authorized. On the other hand, questions about income, possible debt, illnesses
existing or an ongoing pregnancy are only admitted if special reasons require it in view of the
of the position to be filled.
Questioning a candidate about a possible pregnancy discriminates against women and therefore
inadmissible, unless there is an objective risk to the health of the mother or child, or the
pregnancy prevents the person concerned from performing the work in question, as would be the case, for example,
for a job as a model or a dancer. Issues of gender equality are exaggerated.
mined in a notice which can be consulted on the site www.leprepose.ch.
8/20

Page 9

Questions concerning the origin, membership of a company or an association (trade union, for example,
example), religion, philosophical or political convictions are only admitted if they
impose themselves with regard to the “ideology” of the company.
Candidates are not required to answer questions unrelated to the position to be pursued.
see. They even have the right to give an incorrect answer to protect themselves from possible harm.
(right to lie for self-defense), since they generally cannot refuse to
answer a question. An incorrect answer to an unauthorized question cannot therefore lead to
revocation of the contract for fraud (art. 28, para. 1, CO). Applicants who must answer a question
unauthorized can use the legal remedies mentioned in ch. 2.1.4.
If the potential employer wants to take information from third parties - from the current or
the former employer, for example - he must first obtain the consent of the candidate. It goes without
say that the current or former employer cannot give any information to the new employer without
the consent of its employee or example. In addition, the information communicated must relate to
ter exclusively on the decisive indications for the activity in question (services and behavior
ment of the employee at his place of work, for example). The current or former employer must not allow
the consultation of the personal file of his employee or exemplified, nor communicate the conditions of
his employment contract, this type of information being likely to considerably weaken the position
of the candidate.
Candidates have a duty to provide information to the employer to whom they are applying. They must
answer honestly all the questions that the latter is authorized to ask them. They must also
spontaneously provide information relating to the essential skills that the employer is founded
to require of the candidate (this is the case, for example, if a driver is struck by the withdrawal of a driver's license
at the time of taking up their duties, or if the person hired must be hospitalized for a long
duration immediately after taking office).
If the candidate provides false information or withholds important information, the employer may
revoke his contract with retroactive effect and claim damages.

3.1.3 Recruitment tests
During the candidate selection process, care must be taken - in the interests of the employer, but
also by correction towards the candidates - that the evaluation provides objective, reliable results
and valid. Also tests such as graphological analyzes, psychological aptitude tests,
assessments made by assessment centers, personality tests or
Are biological questionnaires permitted only if they serve the intended purpose and are conducted and
analyzed by professionals.
The procedure must not affect the personality of the candidates (no question relating to the
private sphere, personal convictions or the health of the person concerned, for example).
A candidate cannot be subjected to a test without his agreement. In addition, he must be able to understand what
the selection method aims to establish and assess the extent to which the test relates to training
or the activity considered. It is only on this condition that he can freely decide whether he will submit.
or not to the assessment process, and what information he will be willing to reveal about it. Finally, the
candidates must have access to the results of their tests.

9/20

Page 10

If a handwriting test needs to be done, it should be indicated in the job posting so that the
candidates have the opportunity to oppose it. You must refrain from using the handwritten letter for the test
graphological.

3.1.4 Health / Insurance questionnaire
Applicants are often called upon to complete a health questionnaire so that insurance
daily allowances, for example, can determine the conditions under which they can be
put in the crate. The employer must not have access to these documents. If the company has its own
sickness fund, care must be taken to ensure that there is a strict separation between the staff and the
personnel department, on the one hand, and those of the administrative services of the fund, on the other hand. This costs
also for the processing of insurance data during and after the employment relationship (see ch.
3.2 and 3.3).

3.1.5 Qualifying medical report
The employer does not have the right to inquire himself about the health of the candidate. On the other hand, it may exist
manage the production of a medical report on the candidate's suitability for the job in question.
If the candidate is subjected to a medical examination, the doctor is bound by medical confidentiality. It must therefore not
communicate to the employer only those of its conclusions which concern the suitability of the candidate for
per the post considered; it should not communicate any diagnosis. This rule also applies when
the medical examination is carried out by the company doctor.

3.1.6 Genetic analysis
The employer cannot require a candidate to undergo a genetic analysis. It cannot be
exception to this principle is that if the person concerned is called upon to occupy a post presenting risks to
others, and only when a genetic analysis can establish with certainty whether its commitment
management generates a direct risk to the security of third parties; but even in this case the candidate must have
expressly consented to be tested. The results of the analysis should only be transmitted to the persounds concerned.

3.1.7 Drug testing of apprentices
The employer has the right to order a drug test only if the safety interest
is preponderant in relation to the protection of the personality and that the apprentice has given his consent
is lying. The doctor is however only authorized to communicate to the employer the report concerning
the apprentice's suitability for the post in question; he is not authorized to give any information relating to
tives to possible drug use. Even if he asks for a test, the employer is not
linked to the obligation to take the necessary measures to ensure safety at work. These tests do not
are therefore only complementary. The apprentice must be notified in advance of the purpose and consequences
screening test. If he does not give his consent, he cannot be compelled to undergo the test,
but he must expect to have to bear the consequences provided for in the contract. Consent must
be free, specific and express. It is only considered valid if the apprentice has been informed of the aim and the consequences.
quences of the test. Consent alone does not represent a valid justification for proceeding
to a screening test; indeed, if the security interest is not preponderant, the protection
immutable personality takes precedence over other interests of the employer. If the interest in
10/20

Page 11

safety is not paramount, the screening test constitutes a disproportionate harm to the
apprentice character, in particular because safety can also be effectively ensured by
other measures.

3.1.8 Placement of personnel and rental of services
As a rule, employment agencies and rental service companies (see list on the website
web of the State Secretariat for Economic Affairs [www.admin.ch/seco]) are only authorized to process data
relating to job seekers or employees only if they have given their consent (art. 19, para.
1, and art. 47, al. 1, of the Ordinance on the employment service and the rental of services; OSE), and uniqueto the extent and for as long as these data are necessary for the placement or rental.
tion of services. Investment companies are required to keep confidential the data relating to
their customers (art. 7, para. 3, LSE).
The consent of the data subject is necessary in particular to transmit the data to other
agencies or legally independent business partners, to request advice or
references on the jobseeker, or to transmit data abroad (art. 19, para. 1, and art.
47, al. 1, OSE). Personnel placement or service hire companies that want to deal with
data not directly related to the engagement must obtain express consent
of the employee.
The investor or the lessor is not bound to request the agreement of the persons concerned to communicate
quer data concerning job seekers or employees to employees of its
own agency, to transmit this data to a client or to a company renting services in
view of the conclusion of a contract, nor to communicate them to a wider circle of customers or
potential companies insofar as the data considered does not allow the identification of the
job seeker or employer (art. 19, para. 2, and 47, para. 2, OSE).

3.1.9 Non-engagement
At the end of the selection procedure, the documents submitted by the persons whose application has been
discarded must be returned to them and the copies, if any, destroyed immediately. The employer
can only keep the documents that belong to him, that is to say the letters of application, the
staff questionnaires, handwriting tests and information gathered as a result of
reference mandates. But these documents and information, as well as the data relating to the
health, must be destroyed.
If the candidate consents - and on this condition only - they can be kept for a period of time.
period determined in advance when there is reason to believe that they will have to be reused in the near future.

3.2 During the employment relationship

3.2.1 Personnel files
During the working relationship, a personal file is established on each employee. This
file must contain only the data essential for the execution of the employment contract. Any file
"Gray" (unofficial parallel file containing "confidential" information to which the perpersons concerned do not have access) is prohibited.
11/20

Page 12

The main documents and data contained in personnel files are contact details and
the address of the person concerned, the application file, the references requested about the candidate, the
handwriting tests and other tests he has undergone, the employment contract, information relating to
work stoppages and vacations, salary and insurance data, appraisals,
development course and career plan, disciplinary measures (warning, reprimand,
fine), correspondence between the employee and the employer, notes made following events
individuals, register extracts and medical certificates. You have to sort regularly - both

years, in general - personnel files in order to remove unnecessary documents. The data contains
in these files must be handled only by the personnel department and not be accessible
sibles that to the services founded to use them by the functions which they exercise.

3.2.2 Obligation to declare files
Private persons are required to declare their files according to article 11a, paragraph 3, LPD, if they
regularly process sensitive data or personality profiles (article 3, letters c and d,
LPD) or if they regularly communicate personal data to third parties. Which is the case
normal for an employer. It manages the files relating to its personnel and thus holds
all the data such as the curriculum vitae, basic and continuing education,
assessments relating to performance and behavior, work certificates, etc. Likewise, it
regularly communicates personal data to third parties such as social insurance, institutions
provident funds, accident insurance, etc.
However, with regard to personnel files, the employer is not obliged to declare these
last, because it processes this personal data under a legal obligation. Various laws in the
area of ​the Code of Obligations (CO), social insurance law and tax law oblige direcmentally or indirectly the employer to enter data concerning the employee in order to transmit them
regularly to the authorities in case of necessity. This is why a derogation from the obligation to
declaring the files provided for in article 11a, paragraph 5, letter a, LPD is justified.
Article 11a, paragraph 5, letter a, LPD also leads in different categories of professions to such
release from the duty to declare files. Lawyers, in accordance with the federal law on free movement
lation of lawyers, are required to exercise their profession with care and diligence. Record keeping corrects, complete and consistent regarding each case is an integral part of this obligation; in this sense,
this data processing is based on a legal obligation and derogates from the obligation to declare
les.
The same is true of medical records or files that physicians are required to keep by law.
cantonal sanitary facilities.
It goes without saying that this exception does not apply to all files belonging to employers or
categories of professions mentioned above. If people keep files that are not based on
legal obligations (e.g. for establishing customer profiles or for other services), they must
declare them to the agent in accordance with article 11a LPD.

3.2.3 Right of access
Employees have the right to be informed about the contents of their file. If they apply
for this purpose (art. 8, para. 1, LPD), the employer may not refuse, restrict or postpone the communication of
information requested only exceptionally and for serious reasons (art. 9, al. 4, LPD). In order to
safeguard the overriding interest of the employer, employees have no right of access to the notes that
the employer established for personal purposes and which are not disclosed to third parties; they cannot
12/20

Page 13

Nor do you see any records relating to staffing requirements planning or plans.
career, nor those relating to current proceedings.
Personnel records should be kept in such a way that the employee can be informed about
all the data it contains and that its right of access is restricted only if the circumstances
exceptional demands. The employer can restrict this right only to protect his interests.
or the preponderant interests of a third party (art. 9, para. 1, letter b, et al. 3 DPA). Author's name
handwriting expertise can, for example, be masked if the latter's interests so require.

3.2.4 Right to have data rectified
The employer has the right to process data on his employees only if this data is correct. It is
required to regularly check that they are correct.
If the employee finds that his file contains inaccurate data, he can demand that it be corrected.
(art. 5 LPD). If his file contains data that the employer is not authorized to collect or use
ser, the employee can request that this data be erased.
The employer is also required to verify the accuracy of the assessments made in the certificates or
staff evaluations and, if necessary, make the necessary corrections. Three cases can
to present oneself:
• purely subjective assessments (eg “this person is unpleasant to me”). As it is impossible to verify the accuracy of these assessments, they are not relevant for the assessment
of the person concerned and therefore have no place in the personnel files;
• subjective assessments based on objective criteria (eg “does not provide the services
required "," is prone / prone to laziness "," is not reliable "). Although this assessment is subjective, it is possible to check whether it is based on objective criteria and whether it is shared by
some thirds. If so, it can be considered correct; otherwise, it is necessary
rectify it;
• ratings whose accuracy cannot always be established (eg “could do better”).
When the data subject disputes the merits of the assessment, he or she has the right to demand that he
or state its contentious nature in the file (art. 15, para. 2, LPD).

3.2.5 Communication of data to third parties
The communication by the employer of personal data to third parties can easily lead to a
personality impairment. Caution is therefore in order.
In general, the employer cannot communicate any information to third parties without the consent of the employer.
of the person concerned. This rule also applies when another organ of the same group
companies or, if the contract has been terminated, a potential employer want to obtain information
mentions about the employee or the former employee.
The employer may not communicate data without the consent of the data subject that
when the law requires it, as is the case for data intended for AVS. The commuDisclosure of sensitive data and personality profiles is fundamentally prohibited (art. 12, para.
2, let. c, LPD).
13/20

Page 14

The widespread practice of providing information about an employee's income
to third parties (donors or credit card organizations, for example) is against the law. This information
Information must be requested directly from the person concerned.
No personal data can be communicated abroad if the personality of the person
concerned would be seriously threatened, in particular because the country in question has no
slation ensuring an adequate level of data protection.
In the absence of such legislation, personal data cannot be communicated to
the foreigner only if one of the conditions listed in art. 6, al. 2, LPD is fulfilled (e.g. the consent
of the data subject, a contract relating to data protection or the rules of
tection of data issued by a group of companies). The Federal Data Protection Officer
born and transparency must be informed of the guarantees given under art. 6, al. 2, let. a, and
data protection rules referred to in art. 6, al. 2, let. g.
You can find detailed information on the rules governing data communication at
abroad in our explanations and our brief commentary on the site www.leprepose.ch.

3.3 After the end of the employment relationship

3.3.1 Conservation
When the engagement has ended, only essential data such as
data to be kept by virtue of a legal obligation or data whose retention is in the interest
of the employee (documents necessary for the establishment of a certificate, for example). Can also
be kept the data that the employer needs for a pending dispute.
The retention period is defined on a case-by-case basis, depending on the category of data. She will
generally set at 5 years. It may be exceptionally extended to 10 years, if the law so prescribes, by
example. In other cases, the data must be destroyed as soon as they are no longer kept.
required.

3.3.2 Placement of personnel and rental of services
As soon as a person has been placed or their placement mandate terminated, or when their
work have been terminated, the employment agency or the service hire company cannot deal with
data concerning her only if she has given her written consent (art. 19, para. 3, and art. 47, para. 3, OSE).
The person concerned can withdraw their consent at any time; she must be informed of this right
(art. 19, para. 4, and art. 47, para. 4, OSE).

3.3.3 Right of access
The employee retains the right of access set out in art. 8 LPD even when his employment relationship ended.

14/20

Page 15

4. Use of monitoring and surveillance systems
At work
4.1 General remarks
All technical devices which allow control and surveillance are considered to be control and surveillance systems.
observe, separately or in aggregate, the activities and behavior of employees.
The employer is not allowed to use systems designed to monitor employee behavior
at their workstation because of the health risks these systems may present (art. 26
of Ordinance 3 on the Labor Law).
The use of control and surveillance systems is authorized either for security reasons,
either to measure the output delivered (for example, to determine the number of keystrokes per day in
a text entry system). However, the employer can only use them after having informed the employees.
affected and that for a defined period of time. You will find further information
in the directive of the State Secretariat for Economic Affairs concerning Ordinance 3 of the Labor Act.

4.2 Some examples
Control and monitoring can be provided by telephone exchanges, by systems
IT or other systems which are not primarily intended to monitor personnel,
but can be used for this purpose.
Small, inexpensive telephone exchanges now allow incoming calls to be recorded.
and who go out, the number of subscribers, the duration and the price of each call, and to establish a
vé of these calls. Often, one can even listen to telephone conversations without difficulty.
without the knowledge of the persons concerned.
Computer systems also offer many possibilities for control and monitoring. They
allow for example to know when a computer is used, if configurations are modified,
which programs the user has started or exited and which activities have been carried out in a
determined gram (change of recordings, number of keystrokes per minute in a
word processing, etc.). E-mail can also be opened and read easily. The PFPDT
has published a guide that specifies the conditions under which the employer can monitor the use
Internet and e-mail in the workplace; this guide can be consulted on the website
www.leprepose.ch.
It should be noted that other systems such as photocopiers, fax machines, data entry systems
of working time and work monitoring, access controls or counters can be used
for surveillance purposes, in particular if they are equipped with an electronic access code or an account
automatic tor.

15/20

Page 16

4.3 Recording of telephone data
The recording of telephone data should not be used to monitor the behavior of the callers.
bent. With regard to telephone numbers and telephone conversations, the following principles
must be respected.

4.3.1 Subscriber numbers
The list of subscriber numbers for calls made for professional reasons is
permitted insofar as it is carried out not to control the behavior of employees, but
well for professional reasons (in order to invoice the communication to the customer, for example).
Employees must be informed of the preparation of the statement.
If the employer allows occasional private telephone calls, requested numbers or
Subscriber numbers of received calls should not be recorded. The codes may possiblybe registered.
If the phone number is displayed automatically, it must be ensured that the display can be
deactivated by both correspondents. Transferring a call to an extension other than the one whose number
number has been dialed must be signaled in time so that the originator of the call can interrupt the call.
nication.

4.3.2 Conversation content
The content of telephone conversations may only be recorded for performance monitoring purposes.
mances (telephone sales, training, etc.) or preservation of evidence. This measure of conextreme control is only allowed if it complies with general data protection principles
as well as art. 26 of Ordinance 3 on the Labor Law. If employees need to be informed
and that monitoring should not be constant or systematic, the implementation of this framework
can be done in many different ways. The person whose conversation is being listened to or
recorded must be informed in good time and clearly, for example by means of an optical signal or
acoustic each time it is listened to or on the intranet site of its employer, for the period (limited
during which it will be subject to such surveillance.
Calling back for control of called subscribers and listening to conversations between employees (at
using a specially equipped intercom, for example) are prohibited in all circumstances.

4.3.3 Prohibition of private communications
The ban on private communications must be enforced by means other than surveillance
telephone communications. For example, you can have external communications established by
a central office or limit the possibility of making external calls to certain extensions.
If private communications are prohibited, employees must be able to make phone calls
from an unattended position during breaks or in an emergency.
The data protection officer of the Confederation and the cantons have published a checklist
on telephone monitoring at the workplace; this document can be viewed on the website
www.leprepose.ch.
16/20

Page 17

4.4 Monitoring for safety reasons
If surveillance systems are used for security reasons, care must be taken to ensure that they remain
affect the employee as much as possible.
If, for example, a department store provides anti-theft surveillance by means of video cameras, it must
avoid, as far as possible, that employees are in the field of the camera.
This rule also applies to production guidance systems. If it is necessary to
take care of the person concerned to guarantee safety, in particular to be able to intervene in the event of a
management, consideration should be given to the possibility of monitoring by other means (for example, signal
transmitted at regular intervals in response to a message, otherwise the alarm is triggered).

4.5 International Labor Organization guidelines
The International Labor Organization (ILO) has established guidelines 2 which specify the principle of
respectful use of control and monitoring systems. These 33 guidelines are the
following:
• the employee has the right to respect for his private life at his place of work;
• the employee must know what electronic monitoring means the employer uses and what use he
makes the data that it collects during this surveillance;
• the employer must limit as much as possible the use of electronic surveillance means and
inspection of files, network communications and e-mail. Any monitoring
permanent electronic lance is prohibited;
• the employee should be involved in decisions made as to when electronic monitoring or
the inspection of the data will take place, and as to how it will be operated;
• data can only be collected and used for well-defined purposes directly related to
work;
• monitoring or inspection cannot take place without informing the employee beforehand.
that if there are serious indications that there is criminal activity or abuse;
• the assessment of the employee's performance should not be based solely on the results of a
surveillance;
• the employee has the right to consult the data collected about him within the framework of surveillance
electronic, to challenge them and have them corrected;
• recordings which are no longer necessary for the purpose for which they were made must be
destroyed;

2

These directives follow on from the recommendation of the Council of Europe N ° R (89) 2 of 18 January 1989 on the protection of
personal data used for employment purposes
3 These directives follow on from the recommendation of the Council of Europe N ° R (89) 2 of 18 January 1989 on the protection of
born of a personal nature used for employment purposes.
17/20

Page 18

• data collected in the context of surveillance that allows individual identification of
employees should not be disclosed to third parties, unless there is a legal obligation
requires it;
• employees and future employees cannot waive their right to protection of the sphere
private;
• hierarchical superiors who do not respect these principles are exposed to disciplinary sanctions.
or dismissal.

18/20

Page 19

5. Conclusion
While the employer is primarily responsible for data protection at the workplace, employees
employees or future employees can also ensure that their data is processed in
the rules and erased within the prescribed period.
Data processing must be carried out within reasonable limits and be proportionate to the
goal pursued. The development of surveillance possibilities requires strict observance of this principle.
The relationship of trust between employer and employee determining the quality of the work provided in
company, it is essential that the employer always accurately informs employees of the processing
of data to which it proceeds and of the rights which they have.
If you want detailed information on data protection in the workplace,
please consult our website www.leprepose.ch and the works cited in the appendix.
We remain at your disposal for any questions or comments concerning this guide.

19/20

Page 20

6. Annex
6.1 Legislative acts
Federal law of 19 June 1992 on data protection (LPD), RS 235.1
Ordinance of June 14, 1993 on the Federal Data Protection Act (OLPD), RS 235.11
Message of 23 March 1988 concerning the federal law on data protection, FF 1988 II, p. 421 ff
Federal law of 6 October 1989 on the employment service and the hiring of services (LSE), RS 823.11
Ordinance of 16 January 1991 on the employment service and the hiring of services (Ordinance on the
employment service, OSE), RS 823.111
Ordinance 3 relating to the labor law of August 18, 1993 (Hygiene, OLT 3), RS 822.113
Worker surveillance, in: SECO, Occupational health. Commentary on ordinances 3 and 4 of the law
on work, 2nd edition, Bern 1999
Council of Europe Recommendation N ° R (89) 2 of 18 January 1989 on the protection of personal data
personal character used for employment purposes.

6.2 Works
Hans Ueli Schürer, Datenschutz im Arbeitsverhältnis, Zurich 1996.
Daniel Brand et al., Der Einzelarbeitsvertrag im Obligationenrecht. Kommentar zu den Art. 319-346a,
361/362 GOLD
Christiane Brunner, Jean Michel Bühler, Jean-Bernard Waeber, Commentary on the employment contract, 2nd
edition, Lausanne 1996
Gabriel Aubert, Data protection in labor relations, in: 1995 Day of Labor Law
vail and social security, Arbeitsrecht in der Praxis, vol. 15, Zurich 1999.
Henning Hustedt, Reinhard Hilke, Renate Ibelgaufts, Einstellungstests und Vorstellungsgespräche, NieDernhausen 1992.
International Labor Office, Workers privacy, Part I: Protection of personal data, Part II: Monitoring and
surveillance in the workplace, Part III: Testing in the workplace, Conditions of work digest, vol. 12,
Geneva 1993.
Frank Vischer, Der Arbeitsvertrag, 2nd edition, Basel 1994.
Federal Data Protection and Transparency Officer, Report on drug screening tests
drug use during apprenticeship, Bern 2001, www.leprepose.ch.
20/20

