This order regulates the criminal information system of the Federal Customs Administration (information system):

A.

The responsible authority and the organization;

B.

Purpose and content;

C.

Data processing;

D.

Persons with access rights;

E.

Data protection and security.

¹ The Federal Customs Administration (AFD) is responsible for the information system.

² On the AFD's mandate, the Federal Office for Informatics and Telecommunications (OFIT) is responsible for technical implementation and operation.

The AFD establishes a treatment regulation within the meaning of s. 21 of the Order of 14 June 1993 on the Federal Data Protection Act ¹ .

The information system should facilitate the implementation of the following tasks within the competence of the AFD:

A.

The finding and prosecution of offences;

B.

The granting of mutual legal assistance and national and international administrative assistance;

C.

The enforcement of penalties and measures and the subsequent collection of royalties;

D.

The targeted organization of customs surveillance and controls;

E.

Summary, visualization and statistical analysis of information relating to criminal proceedings and procedures for mutual legal assistance or administrative assistance.

The information system contains data concerning:

A.

Natural persons (name, first name, address, address, domicile, nationality, maiden name, loan names, date of birth, place of birth, place of origin, sex, marital status, profession, language, report, confession, name and surname of father and Mother, name and surname of spouse or registered partner, telephone, mobile telephone and fax numbers, e-mail addresses, bank details, Internet addresses, identity documents);

B.

Legal persons and associations of persons (name, name, legal form, address, seat, country, representatives or bodies, telephone, mobile telephone and fax numbers, e-mail addresses, bank details, addresses Internet, Business Identification Number);

C.

Defenders (name, first name, address or home of notification in Switzerland);

D.

Suspicions, indictments or penalties;

E.

Infringements (place, date and time of the offence, the nature of the offence, the constituent elements of the offence, type of scheme, type of traffic, types of goods, means of transport used and plates of control, hiding places, designation and Tariff items of the goods, country of origin, shipment, origin or destination, destination);

F.

Objects and evidence that are sequestered;

G.

Requests for administrative assistance and mutual legal assistance (applicant authority, date, subject of the request, nature of the measures);

H.

The conduct of criminal proceedings (preliminary investigation procedures and investigation procedures, enforcement) and procedures for administrative assistance and mutual legal assistance;

I.

Decisions (date and type of decision, date of entry into force);

J.

The collection and payment of royalties, fees, fines, pecuniary penalties and security rights, as well as the execution of sentences imposed in conversion of fines and deprivation of liberty;

K.

The specialized staff involved;

L.

Business controls and time frames;

M.

Files (file number, status of processing, return to other files).

¹ Data recorded in the information system can only be consulted and processed within the defined framework (Art. 4).

² The information system is used exclusively by AFD.

³ No networking with information systems outside AFD is permitted.

¹ Information system data can, for analysis, be transferred and processed in an external system. Such a warrant can only be carried out by duly authorized specialists in the Customs Anti-Fraud Sections, the Command of the Border Guard Corps, the Risk Analysis Section or the Criminal Cases Division of the Branch Customs (DGD).

² Data transfers that go beyond simple visualization require the agreement of the data protection advisor of AFD.

³ Data transferred to an external system must be retained and deleted in accordance with Art. 16 and 17.

⁴ The AFD rules the details in the processing regulations.

The automatic exchange of data with the information systems Finance and accounting referred to in Annex A 2 of the Order of 4 April 2007 on the processing of personal data in the Federal Customs Administration ¹ Is allowed.

Information system data can be used to compile statistics such as internal control and business planning, as well as contraband analysis. If statistics are published, the data must be anonymized.

¹ Customs offices (civilian Customs offices, Service Offices of the Border Guard Corps) can process the data in a case that they have opened themselves for as long as they are competent to do so.

² If the competence to deal with the case is transmitted to a higher office, the customs offices may, in order to observe and prosecute offences falling within the competence of the AFD (Art. 4, let. (a), consult the data referred to in s. 5, let. A, b, d to f, j and m, on the basis of the identity (name, with or without the given name or date of birth), the control plate or the file number.

³ In the files which they have not opened themselves, customs offices may, in order to observe and prosecute offences falling within the competence of the AFD (Art. 4, let. (a), consult the data referred to in s. 5, let. A, b, d to f and m, on the basis of identity (name, with or without the given name or date of birth) or of the control plate.

⁴ Customs offices may consult the data at most:

A.

For two years from the close of the proceedings if the criminal proceedings have been closed or terminated without conviction;

B.

For two years from the close of the proceedings if the criminal proceedings have been terminated by the conviction to a fine of up to 500 francs;

C.

For five years from the close of the proceedings if the criminal proceedings have been terminated by the conviction to a fine of more than 500 francs or to a custodial sentence.

The Customs Anti-Fraud Sections of the boroughs and the Criminal Cases Division of DGD can consult and process all data.

¹ AFD is setting up a helpdesk and monitoring service for the information system.

² The support and control service and the administrative services or persons responsible for verifying compliance with data protection requirements can process all data in the system Information, provided that this is necessary for their assistance and control tasks.

³ OFIT employees responsible for maintenance work can process data in the information system, provided that:

A.

This is absolutely necessary for their maintenance work;

B.

Data security is guaranteed.

Other AFD services may, on the basis of identity (surname, with or without the given name or date of birth) or the control plate, consult the data referred to in Art. 5, let. A, b, d to g and m, provided that this is necessary for the performance of their tasks within the framework defined in Art. 4, let. A and b.

¹ The rights of the persons concerned, in particular their right to consultation, rectification and deletion of data, are governed, for criminal proceedings not pending, by the provisions of the Federal Act of 19 June 1992 on Data protection ¹ And by CCA.

² For the criminal proceedings pending, these rights are governed by Art. 36 CCA on parts consultation.

³ For requests for administrative assistance, these rights are governed by the provisions of the Federal Act of 20 December 1968 on administrative procedure ² , for requests for mutual legal assistance by those of the Act of 20 March 1981 on international mutual assistance.

¹ Inaccurate data and data that do not meet the requirements of this order must be corrected or destroyed.

² The assistance and control service referred to in s. 12 regularly checks the accuracy of the data.

¹ Data can be retained:

A.

Five years from the end of the proceedings if the criminal proceedings have been closed or terminated without conviction;

B.

Five years from the close of the proceedings if the criminal proceedings have been terminated by a conviction to a fine of not more than 500 francs;

C.

For ten years from the close of the proceedings if the criminal proceedings have ended with a fine of more than 500 francs or a penalty of deprivation of liberty;

D.

During the validity of the act of default of property if the criminal proceedings have ended by an act of default of property;

E.

For five years from the transmission of data for administrative assistance and mutual legal assistance procedures.

² Where the fees due have not yet been paid in full at the time of the closure of the criminal proceedings, the time limits laid down in para. 1 only begin to run after the end of the subsequent collection procedure.

³ When there are special reasons for this, particularly in the event of a risk of re-offending, the retention period may be doubled by the DGD Criminal Affairs Division.

¹ The release of information from the information system to the Federal Archives is governed by the provisions of the Federal Act of 26 June 1998 on Archiving ¹ .

² After the release of the Federal Archives, the data are destroyed. Data that are not remitted to the Federal Archives is destroyed upon expiry of the retention period.

³ The provision of data to the Federal Archives may be in electronic form.

¹ The following shall apply to the security of data security of art. 20 and 21 of the Order of 14 June 1993 on the Federal Data Protection Act ¹ And the provisions of the December 9, 2011 Order on Informatics and Telecommunications in the Government of Canada ² .

² The relevant data, programmes and documentation must be protected against unauthorised treatment and against destruction and subtraction. They must be able to be reconstituted.

³ Data transmission must take place in encrypted form throughout the process.

⁴ Access to the information system must be resolved for each user by an individual user profile, so that a person can only use the information system within the limits of his or her competence.

⁵ Data processing must be the subject of an automated protocol.

The order of 6 March 2000 on the information system of the Federal Customs Administration in the field of criminal matters ¹ Is repealed.

¹ The existing data collections used to prosecute and adjudicate AFD offences are transferred to the AFD's new information system.

² To ensure data security, existing data collections may be retained for five years from the date of transfer. The data must then be destroyed.

³ After the transfer to the information system, this order also applies to data entered under the former provisions.

This order shall enter into force on 1 ^Er November 2013.