Processing by Third Parties

The conditions for “processing by third parties” as specified in § 6 IDG are met when a public body, such as UZH, tasks a third party with processing information, i.e. factual, personal and special personal data. Terms that are used synonymously include outplacement, outsourcing, commissioned work, or contract data processing.

“Third parties” include natural or legal persons and other public bodies.

Pursuant to § 3 IDG, the term “processing” refers to any instance of handling information such as obtaining, saving, using, editing, making public, granting access to, or destroying information.

Further details can be found in the guidelines on third-party processing of the Data Protection Officer of the Canton of Zurich (German).

When information belonging to UZH is processed on behalf of UZH, specific legal, technical, and organizational measures must be implemented. The corresponding requirements are specified in the Canton of Zurich’s Act on Information and Data Protection (Information und den Datenschutz, IDG) and Ordinance on Information and Data Protection (Verordnung über die Information und den Datenschutz, IDV).

In view of these circumstances, UZH has created a legally reviewed contract framework (GTCs, confidentiality declaration and fact sheet) that incorporates cantonal requirements and provide UZH staff with clear instructions on how to proceed when concluding the relevant contracts (see “Contract Framework”).

The general data protection concept of the UZH is intended for presentation to a client in case the UZH is the contractor of data processing on behalf of the client.

For information on how to use online survey tools correctly, please visit the Online Survey Tools subpage.

Further information can be found here (German).