Ordinance
on Data Protection
(Data Protection Ordinance, DPO)

¹ If a large volume of sens­it­ive per­son­al data is pro­cessed by auto­mated means or if high-risk pro­fil­ing is car­ried out and if pre­vent­ive meas­ures are un­able to guar­an­tee data pro­tec­tion, the private con­trol­ler and its private pro­cessor must as a min­im­um / log the stor­age, al­ter­a­tion, read­ing, dis­clos­ure, de­le­tion and de­struc­tion of the data. A log file must in par­tic­u­lar be kept if oth­er­wise it would not be pos­sible to es­tab­lish wheth­er the data has been pro­cessed for the pur­poses for which it was col­lec­ted or dis­closed.

² The re­spons­ible fed­er­al body and its pro­cessor shall in the case of auto­mated pro­cessing of per­son­al data log as a min­im­um the stor­age, al­ter­a­tion, read­ing, dis­clos­ure, de­le­tion and de­struc­tion of the data.

³ In the case of per­son­al data that are gen­er­ally ac­cess­ible to the pub­lic, logs shall be kept as a min­im­um of the stor­age, al­ter­a­tion, de­le­tion and de­struc­tion of the data.

⁴ The log file must provide in­form­a­tion about the iden­tity of the per­son that car­ried out the pro­cessing, the form, date and time of pro­cessing, and, if ap­plic­able, the iden­tity of the re­cip­i­ent of the data.

⁵ The log files must be re­tained for at least one year and kept sep­ar­ate from the sys­tem in which the per­son­al data are pro­cessed. They may only be made ac­cess­ible to the bod­ies and per­sons that are re­quired to re­view the ap­plic­a­tion of the data pro­tec­tion reg­u­la­tions or to safe­guard or re­store the con­fid­en­ti­al­ity, in­teg­rity, avail­ab­il­ity and trace­ab­il­ity of the data, and may only be used for this pur­pose.