Data protection

In this data protection declaration we inform you about how we (hereinafter also "we" and "us") collect and process your personal data (hereinafter also "data" or "personal data").

If you provide us with personal data of other persons (e.g. data of employees), we assume that you are authorised to do so and that the data is correct. By submitting data about other persons, you confirm this. Please ensure that the other persons are informed about this data protection declaration.

We are committed to handling your personal data responsibly. This is important to us. Insofar as we (or third parties on our behalf) collect and process personal data, we comply with the require-ments of the Swiss Data Protection Act. In addition, we also comply with the requirements of the European General Data Protection Regulation (GDPR), insofar as we are legally or contractually obliged to do so. However, whether and to what extent these laws are applicable depends on the individual case.
 

1. Our contact details


Consilio Treuhand & Revisions AG is responsible for data processing in accordance with this data protection declaration. If you have any questions about this privacy statement, our use of your data or your rights, you can contact us at:

Consilio Treuhand & Revisions AG
Kernserstrasse 17
6060 Sarnen
E-mail: info@consilio-treuhand.ch
 

2. What data we collect and for what purpose


2.1 Visiting the website (creation of log files) and other electronic offers

Each time you visit our website, the web server automatically collects data and information from the computer system of the calling computer. This includes, in particular, information about the browser type and version used, the user's operating system, the user's Internet service provider, the referrer URL (websites from which the user's system accesses our website), websites that are accessed by the user's system via our website, as well as the user's IP address, access date and time and the client's data request (file name and URL). This data is stored in the log files of our system (or with third parties) together with other data and only collected for the purpose of statistical evaluation.

If you use other electronic services such as our Wi-Fi network, we collect certain technical data. The technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identification number (an ID) to your terminal device (tablet, PC, smartphone, etc.).

We use this data to ensure a smooth connection, the comfortable use of our website and other electronic offers, the evaluation of system security and stability and for other administrative pur-poses. This data generally does not allow us to draw any conclusions about your identity. In the context of user accounts or registrations, however, they can be linked with other data categories - and thus possibly with your person.

2.2 Contacting us by e-mail and other communication channels

We offer you the possibility of contacting us via the e-mail address(es) published on our website as well as via other digital communication channels (e.g. TeamViewer). In this case, we store the transmitted data.

Digital communication channels are partly operated by companies based in the USA (e.g. TeamViewer). By using these digital communication channels, you agree that your data may be transmitted to other countries, including the USA, that your opening and clicking behaviour may be tracked and that we may contact you directly. You can revoke your consent to the use of the se-lected digital communication channel at any time. To do so, please contact us using the known contact details.

The digital communication traffic (e.g. e-mail, TeamViewer etc.) is partly unencrypted and unse-cured. The risk remains with you.

2.3 In the context of business relationships

We process your data which we receive in the course of our business relationship with you, our customers in general, other business partners and other persons involved in this.

This is in particular the following data:

  • Contact details such as title, first name, surname, gender, address, e-mail address, telephone number and other contact details;
  • Personal information such as date of birth, nationality, marital status, profession, title, job de-scription, passport/ID number, AHV number, family circumstances;
  • Communication data such as exchanged communication content from e-mails, other written cor-respondence, telephone conversations, video conferences, etc. and information on the type, time and place of the communication. This also includes image and audio recordings of (video) tele-phone calls;
  • Financial information such as data on bank accounts, investments or shareholdings;
  • Mandate data (depending on the service) such as tax information, business data (articles of as-sociation, minutes, contracts, etc.), employee data (e.g. salary, social security), accounting data, audit data.

This data may also include particularly sensitive data such as data on health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.

Where permitted, we also take data from publicly accessible sources (e.g. commercial register, media, internet, social media, etc.). In addition to data that you give us directly, it is data that we receive about you from third parties (authorities, credit information, other third parties), in particu-lar information from registers, in connection with official and court proceedings, in connection with your professional functions and activities, information about you in correspondence and discus-sions with third parties, information that people from your environment (e.g. family, advisors, legal representatives, etc.) give us. (e.g. family, advisors, legal representatives, employers) so that we can conclude or execute contracts with or involving you (e.g. references, powers of attorney), your address.

2.4 Further purposes

Processing to protect other legitimate interests is one of the other purposes. These cannot be explicitly named. They depend on the individual case.
 

3. Legal basis of data processing


3.1 Within the scope of our services and in order to fulfil the contractual obliga-tions

The processing of data takes place for the purpose of providing our services to our customers, including pre-contractual measures as well as post-contractual support (advice, trust, inspection). The data collected in this way is used, for example, for the entire processing of our services, in-cluding any subsequent warranty claims, technical administration, etc. The data is not used for any other purposes.

3.2 Within the framework of the balancing of interests

Where necessary and permissible, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. This includes:

  • Consultation of and data exchange with information centres and other third parties (e.g. business registers);
  • Assertion of legal claims and defence in legal disputes;
  • Examination of possible conflicts of interest;
  • Risk management;
  • Ensuring IT security and IT operations;
  • Prevention and investigation of criminal offences;
  • Business management and development of services, products and the website products and the website;
  • Purchase and sale of business divisions, companies or parts of companies and other transac-tions under company law and the associated transfer of data as well as measures for business management.

3.3 Based on your consent

Insofar as you have given us consent to process data for specific purposes, this processing is lawful on the basis of your consent. Consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until revocation.

3.4 Due to legal requirements, other binding regulations or in the public interest

In addition, we are subject to various legal obligations and other binding regulations in connection with which we must process your data (e.g. obligations as auditors, fiscal representatives, execu-tors).
 

4. Data transfer and transmission abroad


We will only disclose your data to third parties in the course of our business activities and for the purposes described in this privacy policy if we are obliged to do so by law, court order or official regulation, if the disclosure is necessary for the assertion, exercise or defence of legal claims or for the performance of contracts and business activities, or on the basis of your consent. These third parties include in particular the following categories of recipients:

  • Order processors such as providers, service providers for website benefit assessment, service providers for IT services (data management, data storage, technical support, etc.), service pro-viders in the field of recruitment, talent management, HR or other services;
  • External business partners (e.g. suppliers, banks, collection agencies) and experts in connec-tion with the contractual service;
  • Competitors, industry organisations, associations, organisations and other bodies;
  • domestic and foreign authorities, official agencies or courts;
  • other parties in potential and actual legal proceedings.

We process personal data not only in Switzerland. Your data can be processed in the European Union/EEA as well as in any country in the world (including the USA). If the level of data protection in the country where the processing third party is located is deemed inappropriate for Swiss con-ditions or within the meaning of the GDPR (including the USA), we provide suitable data protection through appropriate guarantees (e.g. standard contractual clauses), provided that there is no legal exception (e.g. your consent), the recipient is not already subject to a legally recognised set of rules (e.g. CH-USA Data Privacy Framework) to ensure data protection or we can rely on an ex-ceptional provision. Such contractual precautions (guarantees) partially compensate for weaker or missing legal protection, but not all risks can be completely excluded (e.g. from government access abroad).

Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and the recipient are in the same country.
 

5. Data security


We use appropriate technical and organisational measures in the systems to protect the data we store from loss, destruction, alteration and unauthorised access by third parties.

Technical security measures include, for example, encryption (including login data) and pseudon-ymisation of data, logging, access restrictions and the storage of backup copies.

We also take our own internal data protection very seriously. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with the pro-visions of data protection law. Our contractors are also obliged to take appropriate technical and organisational security measures. Furthermore, they are only granted access to personal data to the extent necessary.

Our security measures are continuously adapted in line with technological developments. How-ever, absolute protection cannot be guaranteed.
 

6. Cookies/tracking and other technologies


6.1 Use of cookies and pixels

Our website uses cookies and pixels (collectively cookies). Our interest in optimising our website is to be regarded as legitimate. Cookies are text files that are stored in the internet browser or by the internet browser on your computer system. Pixels are small graphics that enable log file re-cording and log file analysis. The use of cookies serves to make the use of our offer more pleas-ant for you.

We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our website again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you and, if necessary, to display information tailored specifically to you (online marketing). These cookies are automatically deleted after a defined pe-riod of time.

The data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible for us to allocate the data to the calling user. The data is not stored together with other data.

If you do not want this, you must set your browser or e-mail programme accordingly.

6.2 Analytics

We use Google Marketing Platform, a web analytics service provided by Google LLC (1600 Am-phitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland); both together "Google", whereby Google Ireland Ltd is our contract processor. Google Marketing Platform uses cookies (text files) and similar technologies to collect certain information about the behaviour of individual users on or in the website in ques-tion and the end device used for this purpose (tablet, PC, smartphone, etc.) and thus enable the analysis of the use of the website.

The information generated by these performance cookies about the use of the website (incl. IP address) is transferred to Google's server in the USA and stored there. We have configured the services in such a way that the IP addresses of users of the websites are shortened by Google within Europe before being forwarded to the USA, so that they cannot be traced. We have switched off the settings "Data transfer" and "Signals".

Google provides us with reports and in this sense can be considered our order processor. How-ever, Google also processes certain data for its own purposes. Google may, under certain cir-cumstances, draw conclusions about the identity of visitors to the websites on the basis of the data collected and therefore create personal profiles and link the data obtained to any existing user accounts of these persons. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. If you consent to the use of Google, you explicitly agree to such processing, which also includes the transfer of personal data to the USA and other countries. Further information on the data protec-tion of Google Marketing Platform can be found here.

6.3 Google Maps

We use the Google Maps product from Google Inc. on our website. By using this website, you consent to the collection, processing and use of automatically collected data by Google Inc, its representatives and third parties. You can find the terms of use of Google Maps here.
 

7. Duration of the processing of your personal data


We process your data only as long as it is necessary for the respective purpose and the fulfilment of our contractual and legal obligations, including legal retention obligations (usually 10 years), or if you have given us your consent to do so. We will continue to process your data for as long as we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security.
 

8. Your rights


You have several choices when using this website. You can choose not to provide any data at all by not filling in any related forms or data fields on our website, blocking cookies and not using any of the available personalised services.

If you choose to provide personal data or provide it to us in the course of our business relation-ship, you have the right of access, rectification, deletion, restriction of processing, withdrawal of consent and, where applicable, the right to data portability and opposition under certain circum-stances and where provided for by applicable law. Your rights are not absolute. We reserve the right to assert the restrictions provided for by law. We will inform you accordingly.

If you wish to assert your rights against us, please enclose appropriate identification of yourself.

Every data subject also has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzer-land is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
 

9. Reservation of right of modification


This Privacy Policy does not form part of any contract with you. We reserve the right to change this privacy policy at any time, in particular if we change our data practices or if new legislation becomes applicable. The version published on this website is the current version; earlier versions are replaced by the most recent version.


Last updated: 30 August 2023
Sarnen