Swisscom is legally obliged to record personal data for the signature. Therefore, we are responsible for this data, and we can not take the role of a data processor, even if we receive, e.g., employee data of our customers for an electronic signature. Swisscom has a legal mandate like any other telecommunication or postal service enterprise. Additionally, we have a contractual relationship with our signatory customers as soon as they accept the terms of use of our Signing Service.
In the case of the RA app, Swisscom transfers the recording of identity data to an external service provider, which is mentioned in the RA agency contract. The GDPR of the EU requires a data processing order in this matter. Therefore, the RA agency is obliged to comply with the data processing order.
Also, our Swiss customers executing projects with us must comply with the EU's GDPR data processing order. There are two main reasons:
- There is no guarantee that persons identified in Switzerland are not EU citizens and thus are subject to the market principle of the GDPR
- Using the RA app, you can identify any person, no matter which nationality, and thus, a data processing order takes place for Swisscom IT Services Finance S.E. in Vienna, Austria.