reWork Tool Privacy Policy

Compasso Association – rework-profil.ch

Note: This Privacy Policy applies specifically to the reWork Tool at rework-profil.ch. Compasso’s general Privacy Policy applies to Compasso’s other websites (www.compasso.ch, reintegration.compasso.ch, inclusion.compasso.ch).

1. Data Controller

Compasso Association
Hegibachstrasse 47
8032 Zurich
info@compasso.ch

Compasso is responsible for the processing of personal data in connection with the operation of the reWork Tool, unless a participating employer acts as the data controller (see Section 3).

2. Purpose and Function of the Tool

The reWork Tool is a digital dialogue tool for the structured assessment of job requirements as part of vocational reintegration in cases of incapacity for work.

The tool maps job requirement profiles, not the health status of the individuals concerned. The assessment of work capacity is conducted outside the tool by the responsible medical professional. By design, the generated form contains neither diagnoses nor medical findings.

The tool can be used in two modes:

• Guest mode: no registration required, session-based. No personal data is collected or stored in the tool; entries are lost when the browser is closed.
• Registered use: with a user account. Profiles are saved and can be edited later.

3. Roles Under Data Protection Law

When an employer uses the tool in registered mode, the employer is the data controller for its employees’ personal data. In this regard, Compasso acts as a data processor pursuant to Art. 9 of the Data Protection Act (DSG), based on the Terms of Use with the Data Processing Agreement (ADV) appendix.

Compasso is the data controller for the operation of the website infrastructure, user management, and audience measurement.

In guest mode, no personal profile data is processed.

4. Processed Personal Data

When using the service as a registered user, the following personal data in particular is processed:

• Account data: email address, password (hashed), session and login data
• Employer data: Company name, contact person, position, contact information
• Employee data: First name, last name, gender, date of birth, email, phone number, address (street, ZIP code, city), reference number, and any other relevant information; working hours (workload, weekly working hours, days worked); employment details (position/occupation, department, job level, brief description of primary duties)
• Generated documents: dynamically generated PDF forms, to the extent that they contain personal data
• Technical data: IP address, browser/device information, access logs

The job requirements and general conditions recorded in the tool describe the position and do not in themselves constitute personal data.

The tool is not designed to process special-category personal data as defined in Art. 5(c) of the Data Protection Act (DSG). Users are prompted by notices within the tool not to enter any health data.

5. Legal Basis

Compasso processes personal data in accordance with the Swiss Data Protection Act (DSG) and the Data Protection Ordinance (DSV). In the case of commissioned processing, the processing is carried out on behalf of and in accordance with the instructions of the responsible employer.

6. Recipients and Processors

Compasso uses the following service providers to operate the tool:

We have data processing agreements or similar arrangements in place with these service providers.

7. Data Location and Transfer Abroad

Personal profile data is primarily stored in Switzerland (CloudSigma AG, Zug).

For certain services, processing takes place abroad:

• Auth0 (U.S./EU): authentication data (email, name, login credentials). Appropriate safeguards are in place via the Swiss-U.S. Data Privacy Framework and standard contractual clauses; a data transfer impact assessment is conducted.
• Sanity (Belgium/U.S.): exclusively public content, no personal data.
  
  

8. Retention and Deletion

Guest mode: No storage; data is lost at the end of the session.

Registered use: Storage for the user’s organization; periodic review. A notification is sent before deletion due to inactivity. Data subjects may request deletion at any time.

9. Rights of Data Subjects

Data subjects have the right, in particular, to access, rectification, erasure, restriction, and data portability under applicable law (Art. 25–29 DSG).

In the case of registered use, these rights must be exercised with the responsible employer. Compasso assists the employer in processing such requests and forwards any direct inquiries to the employer.

For processing for which Compasso itself is responsible (account, website), these rights may be exercised directly with Compasso: info@compasso.ch.

The competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC).

10. Cookies, Audience Measurement, and Behavioral Analysis

Technically necessary cookies may be used in the tool. For cookies used for audience measurement or similar purposes, consent (opt-in) will be obtained where necessary.

Services using pseudonymized data may be employed for audience measurement (e.g., Google Analytics, Matomo). Details and options for opting out are provided in the cookie notice.

If you consent to the use of cookies, we also use a behavioral analysis tool (Mouseflow) to improve the tool, which records mouse movements, clicks, and interactions. Entries in form fields are not recorded and are not visible in the recordings. You can object to this recording at any time using the provider’s opt-out option.

11. Data Security

Compasso and its service providers implement appropriate technical and organizational measures (including encryption during transmission, encryption of the database at rest, access control, and encrypted document transmission via HIN).

12. Changes

Compasso may amend this Privacy Policy. The current version published on rework-profil.ch is authoritative.

The data protection compliance of this Privacy Policy has been reviewed by datenschutzkonform.ch.