Federal Act
on Data Protection
(Data Protection Act, FADP)

¹ A breach of per­son­al­ity rights is un­law­ful un­less it is jus­ti­fied by the con­sent of the data sub­ject, by an over­rid­ing private or pub­lic in­terest, or by the law.

² The con­trol­ler may have an over­rid­ing in­terest in the fol­low­ing cases in par­tic­u­lar:

a.

The con­trol­ler pro­cesses per­son­al data re­lat­ing to a con­tract­ing party in dir­ect con­nec­tion with the con­clu­sion or the per­form­ance of a con­tract.

b.

The con­trol­ler is or in­tends to be in com­mer­cial com­pet­i­tion with an­oth­er per­son and for this pur­pose pro­cesses per­son­al data that are not dis­closed to third parties; leg­al en­tit­ies that be­long to the same group of com­pan­ies as the con­trol­ler are not re­garded as third parties for the pur­poses of this pro­vi­sion.

c.

The con­trol­ler pro­cesses per­son­al data to veri­fy the cred­it­wor­thi­ness of the data sub­ject, provided the fol­low­ing re­quire­ments are sat­is­fied:

1.

The mat­ter in­volves neither sens­it­ive per­son­al data nor high-risk pro­fil­ing.

2.

The data are only dis­closed to third parties if the third parties re­quire the data for the con­clu­sion or the per­form­ance of a con­tract with the data sub­ject.

3.

The data are no more than ten years old.

4.

The data sub­ject has at­tained the age of ma­jor­ity.

d.

The con­trol­ler pro­cesses the per­son­al data pro­fes­sion­ally and ex­clus­ively for pub­lic­a­tion in the ed­it­or­i­al sec­tion of a peri­od­ic­ally pub­lished me­di­um or the con­trol­ler uses the data, if they are not pub­lished, as an aid to their own per­son­al work.

e.

The con­trol­ler pro­cesses the per­son­al data for pur­poses not re­lated to spe­cif­ic per­sons, in par­tic­u­lar for re­search, plan­ning or stat­ist­ics, provided the fol­low­ing re­quire­ments are sat­is­fied:

1.

The con­trol­ler an­onymises the data as soon as the pur­pose of pro­cessing per­mits; if an­onym­ity is im­possible or if it re­quires dis­pro­por­tion­ate ef­fort, the con­trol­ler shall take ap­pro­pri­ate meas­ures to pre­vent the iden­ti­fic­a­tion of the data sub­ject.

2.

If the mat­ter in­volves sens­it­ive per­son­al data, the con­trol­ler shall dis­close such data to third parties in such a man­ner that the data sub­ject is not iden­ti­fi­able; if this is not pos­sible, it must be guar­an­teed that the third parties only pro­cess the data for pur­poses un­re­lated to the data sub­ject's per­son.

3.

The res­ults are pub­lished in such a man­ner that data sub­jects are not iden­ti­fi­able.

f.

The con­trol­ler col­lects per­son­al data re­lat­ing to a pub­lic fig­ure that re­late to that per­son's pub­lic activ­it­ies.