Confidentiality Policy

Data Protection Declaration

1. Who we are

Fiduciaire Auditoria SA is a company providing services in the fiduciary field. Fiduciaire Auditoria SA's range of services includes bookkeeping and balance sheet preparation, auditing, studies of organizational problems, accounting and legal expertise, tax issues, incorporation and liquidation of companies and foundations, payroll and social insurance management in Switzerland and abroad.

2. Basic principles of data processing

This data protection declaration describes how we handle personal data, in particular which personal data we collect and for what purposes. It also governs the transfer of data, the retention period and your rights.

Personal data (hereinafter also referred to as data) is any information relating to an identified or identifiable natural person. The notion of data processing must be understood in the light of the situation, and includes any operation relating to personal data, whatever the means and procedures used, in particular the collection, storage, use, modification, communication, archiving or destruction of data.

We collect and process personal data in order to perform our professional duties, in accordance with legal and contractual provisions. The collection, processing and use of personal data are subject to the legal provisions in force in Switzerland(1) and, where applicable, in Europe(2) .

We collect personal data transparently and in accordance with the principles of proportionality and purpose. Data is processed only to the extent and for the duration necessary to fulfill our tasks and obligations.

_______________________________________________

1 Federal Data Protection Act of September 25, 2020

2 EU General Data Protection Regulation (GDPR)

3. Purpose of collecting and processing personal data

We process personal data that is necessary to ensure the continuity, security and reliability of our offer. In particular, this includes the following purposes:

Management and administration of contractual relations with customers, employees, suppliers, etc;
Contact management and communication for service provision;
Website operation and authentication of registered users for certain parts of our website or our dedicated customer portal;
Ensuring safety, complying with legal obligations and asserting claims;
Invitations and organization of events and webinars;
Marketing actions and newsletters;
Statistical collection and analysis;

4. What personal data do we process?

4.1 Contact data and general basic data

Depending on the purpose of the data processing, the customer segment and the service areas, we collect different types of personal data, including, in certain circumstances, sensitive data.

We process at least the following personal data for all contacts, interlocutors, contractual partners and customers:

surname, first name, e-mail address and, if applicable, gender, address, telephone number, title, date of birth, nationality, profession, employer details, title, AHV number;
electronic and written correspondence (mail).

In addition, depending on the purpose of the data processing, the customer segment and the service area, we collect and process further data as described in the following paragraphs:

4.2 Mandate management data

In order to manage and administer our mandates and to communicate with our customers, we process the following personal data:

Contact data and general basic data as per 4.1;
For companies:
- Legal form, share capital and paid-up capital, year company founded, external auditors, sales in Switzerland and abroad, annual sales by business area, register no;
- Branches: Location of branch, company name, address, telephone, Internet, e-mail, language of correspondence;
- Staffing information: professional fields, number of employees resp. managers, percentage of positions;
Financial information;
Risk assessment data:
- Extracts from the register of prosecutions;
- Management and control of the company:
  - Data on individuals/partners and members of management involved in the company: surname, first name, year of birth, nationality, position, percentage of voting rights, information on company activity;
  - Data on companies and foundations with a stake in the company: company name, registered office, area of business, degree of participation;
  - Contact details: surname, first name, date of birth, e-mail and telephone number;
- Information on the hiring of management staff from third-party companies, including surname, first name, company, sector of activity, position and level of employment;
- Data on shareholdings
Payment information;
Mandate data such as:
- articles of association, minutes, contracts,
- employee data (salary, social insurance),
- accounting and tax information,
- sensitive personal data [such as data relating to health, religion, welfare, debt collection or bankruptcy].

This data is mainly processed in the context of services provided in our field of activity [auditing, consulting, tax, payroll processing or accounting]. It mainly concerns data relating to our customers. But it may also concern third parties, such as employees, contact persons or persons who have a (contractual) relationship with our customers. Our customers may therefore also refer to this data protection declaration, but they themselves must take steps to comply with the Data Protection Act.

Data processing is used for the management and administration of mandates, solvency checks, prevention of conflicts of interest and quality control. It also meets legal and contractual requirements.

As a rule, data is supplied and made available directly by customers. However, depending on the nature and scope of the mandate, data may also come from authorities, courts or third parties. In certain circumstances, data may also be collected directly from the employer of the persons concerned.

4.3 Data for mailings and newsletters

We process the following personal data in order to send you information about events, publications, etc. (for marketing purposes) and to send you newsletters:

Contact data and general basic data as per 4.1;

This data is necessary for the provision of the service, for communication or for the management of our customer base. Information relating to marketing, mailings and newsletters is also subject to statistical analysis in order to continuously improve our services. You may object to the use of your personal data for marketing purposes at any time, or unsubscribe from the newsletter.

4.4 Data for organizing and staging events

The following personal data is processed for the organization and execution of events:

Contact data and general basic data as per 4.1;
Information on employer (such as company name, address, e-mail address), participants and speakers;
Training participation information;
Payment information;
In certain circumstances, images or videos.
[Others].

For online events, the data referred to in section 4.5 is also processed.

First name, surname, address, e-mail address and employer may be disclosed to other participants. You may also be photographed or filmed at events.

This data is processed for event organization, networking and marketing purposes. We need the images for internal documentation of the event, for inclusion in a newsletter or on our website and social media networks, for reporting purposes and, where appropriate, to inform our members about the event. Participants have the opportunity to let the photographer know, before or at the time of shooting, that they do not wish to appear in the corresponding images.

4.5 Data related to direct communication (telephone, e-mail or chat, online meetings, video-conferences and/or webinars, etc.)

The online meetings, video conferences and/or webinars we organize are carried out using Microsoft Teams, possibly with Zoom. For direct communication by telephone, e-mail, collaboration solution or chat, we, and if necessary our corresponding service providers, may process the following personal data:

Contact data and general basic data as per 4.1;
Other personal data contained in the e-mail;
Communication data such as IP address, time and duration of communication;
Videoconference recordings, if required;

We process this personal data in order to provide and improve our services to our customers and other interested third parties.

4.6 Personnel data

The following data is processed for personnel management purposes:

Contact data and general basic data as per 4.1;
Social insurance data / AVS no;
Information about children;
Information about the position within our company, such as date of hire, position, salary, employment contract;
Application information such as cover letter, CV, work certificates, diplomas, interview evaluations, assessments, references;
Financial information and bank details;
For employees taxed at source: confession, residence permit, information on other professional activities, income acquired as compensation and information on partner;
Information on the periodic appraisal interview;
Time and vacation recording;
Information on illness, accidents, maternity or paternity leave, military service or civil protection;
Extracts from criminal record and/or register of prosecutions;

Applications that do not lead to employment are deleted/destroyed at the end of the application procedure, unless we have obtained permission to keep them.

The data is used for the correct processing of human resources and the execution of the contractual relationship (employment contract), and is mainly provided by employees.

4.7 Suppliers and other contractual partners

We process the following personal data from business partners who provide services or deliveries on our behalf:

Contact data and general basic data as per 4.1;
Financial information such as bank details;
Information available in the contract (such as data on responsible employees, advisors, information on the service provided, etc.);

We process such data for the purposes of contractual performance and in accordance with the statutory retention periods under commercial and tax law. If our contractual partners have access to our personal data in the course of performing their duties [e.g. IT companies], we enter into a corresponding subcontracting agreement with them.

4.8 Operation, improvement and control of the website and other electronic channels

4.8.1 Server logfiles

Our website can be used without the need to disclose extensive personal data. However, the server does collect information about the user on each visit. This information is temporarily stored in server log files. However, it is not possible to attribute this information to a specific person. The log files contain the following information:

date, time of access and amount of data,
browser and operating system,
the supplier's domain name,
the page from which you arrived on our site (Refered-Url),
the search query,
IP address.

The collection of this data is technically necessary: it serves to ensure the stability and security of the website, and is used to analyze and improve the use of the website. It also enables us to carry out precise checks in the event of suspected illegal use of our website.

4.8.2 Cookies

Our website uses cookies and similar technologies. If your device settings allow it, we use cookies and similar tools to provide you with an optimal browsing experience on our website.

Cookies are text files that are stored on your computer and enable us to analyze your use of the website or to fill in forms or connect you to our customer portal via our website. They facilitate the presentation of our website and help you navigate through it. Cookies collect data such as:

IP address,
the website from which you visit us,
the type of device you're using,
how you use our search function (known as Search-Log),
the various actions you perform when you receive the newsletter.

Further information on the use of cookies can be found in the information on the use of web analysis tools (sections 7.1 and 7.2).

It is also possible to visit our website without cookies, by setting your browser to prevent cookies from being saved. However, this setting may restrict your ability to use the website. Under no circumstances do we use cookies to install malware or spyware on your computer.

4.9 Ensuring safety, complying with legal obligations and asserting claims

We may process the aforementioned personal data in order to guarantee security and enforce your rights, if necessary, and, to this end, pass them on to third parties such as courts or offices.

5. Data capture, retention period, security measures

5.1 Data entry

As a general rule, we obtain the personal data mentioned in section 4 directly from you from the moment you receive one of our benefits. In certain circumstances, data may also be collected directly from your employer.

However, in the case of mandates, data may also come from authorities, courts or third parties, depending on the nature and scope of the mandate. [Additional information on third-party data, if applicable].

We also use publicly available information in the media and on the Internet insofar as this is appropriate in a specific case (e.g. as part of a job application, when selecting teachers and lecturers), as well as data relating to website use (see section 4.8).

5.2 Storage period

We retain personal data for as long as it is required for the purposes for which it was collected, for the statutory or contractual retention periods, and for as long as we have an overriding interest in retaining it. The data is then deleted.

5.3 Data security

We take appropriate technical and organizational security measures to protect personal data against unauthorized access and misuse. These measures include IT and network security solutions, access restrictions, encryption of data carriers and their transmission, instructions, training and controls.

Data is stored in the applications and software we use. Data is stored on servers located in Switzerland and Europe. If data is stored abroad (Teams, logs, etc.), the rules set out in section 7 apply.

If third parties have access to our data, special measures are taken, which are governed by the outsourcing contract (see section 8).

6. Social media networks

Our website uses sharing buttons to allow you, by clicking, to use third-party social plug-ins, e.g. Twitter or LinkedIn. In this way, we enable visitors to our website to share content on the respective social media networks. When you click on a share button, usage data is transmitted to the corresponding social media provider.

Plug-ins are identified by the provider's logo. The content of the plug-in is transmitted directly to your browser by the provider's website and linked to the web page. By linking the plug-ins or opening the corresponding channel via the link, the provider receives the information that you have visited our website. If you are logged in at the same time, the service provider can associate your visit with your profile. If you interact with the plug-ins, e.g. by clicking on the button or leaving a comment, the corresponding information is transmitted directly from your browser to the provider and stored there.

We also provide links to our respective social media networks. This is only a static link to the relevant channel. When you connect to our social media networks, we receive information that is stored in your profile (contact information) and any information about your friends' profiles.

The purpose and scope of the data collection and further processing of your data by the service provider, as well as your rights and the settings you can make to protect your privacy, can be found in the service provider's data protection information.

Facebook Ireland Ltd. resp. Facebook Inc: https://www.facebook.com/policy.php
LinkedIn Corporation: https://www.linkedin.com/legal/privacy-policy"
Twitter Inc: https://twitter.com/en/privacy
Google Ireland Limited resp. You Tube: https://policies.google.com/privacy

7. Tracking technologies and third-party tools

7.1 Google Analytics

Our website uses "Google Analytics", a web analysis service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our website is generally transferred to a Google server in the USA and stored there. [Please note that this website uses Google Analytics with the "anonymizeIp();" extension to ensure that IP addresses are recorded anonymously (IP masking)].

If you activate the anonymization of your IP address on our website, this address will be processed in an abbreviated form by Google in Switzerland, in member states of the European Union (EU) or in other states party to the Agreement on the European Economic Area. As a result, it is not possible to identify you personally.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will be abbreviated. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

You can prevent cookies from being saved by setting your browser accordingly. However, please note that in this case, not all functions of our site may be fully available.

In addition, you can prevent the transfer to Google of data generated by the cookie and data relating to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available.

You can also prevent the collection of data by Google Analytics by installing an opt-out cookie which will prevent your data from being saved the next time you visit our website: deactivate Google Analytics.

Further information on this subject can be found at https://marketingplatform.google.com/about/analytics/terms/fr/ and on data protection at https://marketingplatform.google.com/about/.

7.2 Newsletter dispatch

Newsletters contain "web beacons", i.e. single-pixel files that are extracted when the newsletter is opened. Technical data such as browser and system information, as well as your IP address and the time of access, are collected as part of this extraction process.

This information is used for the technical improvement of our services on the basis of technical data or target groups and your reading behavior according to location (identifiable via IP address) or access times. For statistical purposes, we also record whether the newsletter has been opened. In this case, the day, time and links consulted are recorded. For technical reasons, this information can be allocated to the corresponding recipient. However, we only use this information to identify the reading habits of our users, to adapt content and thus improve the newsletter.

The mailing service provider may use the recipient data pseudonymously, i.e. without associating it with a user, in order to optimize or improve its own services, e.g. for technical optimization of the newsletter mailing and layout, or for statistical purposes. It does not, however, use the data of our newsletter recipients for its own purposes or pass them on to third parties. [For the protection of personal data, we have concluded a subcontracting agreement with the dispatch service provider].

7.3 Using plug-ins

Our website uses functions of the LinkedIn network. The service provider is LinkedIn Ireland Unlimited, Company Wilton Plaza, Wilton Place, Dublin 2 Ireland. Each time you visit a page on our site containing LinkedIn functions, a connection is established to LinkedIn's servers. LinkedIn is informed that you have visited one of our pages via your IP address. If you click on the "Recommend button" and are connected to your LinkedIn account, LinkedIn can link your visit to our website to you and your user account. Further information can be found in the LindedIn privacy policy.

8. Data transmission and transfer

We may pass on personal data to third parties if you have given your consent, if this is necessary to provide the service concerned, fulfill the purpose of the contract or preserve our legitimate interests, or if we are required to do so by law.

The following categories of recipients may receive personal data from us:

service providers (e.g. IT service companies, hosting providers, suppliers, consultants, lawyers, insurance companies).
third parties within the scope of our legal or contractual obligations, authorities (in particular audit supervisory authorities or tax authorities), government institutions, courts.

The third parties we appoint are contractually bound to respect data protection and to process data only for the purposes we have indicated to them.

Most of our service providers are located in Switzerland or in the EU/EEA. Some personal data may also be transferred to the USA (e.g. Google Analytics data). Should it be necessary to transfer data to a country without an adequate level of data protection, this will be done on the basis of standard contractual clauses (e.g. in the case of Google) or other appropriate guarantees.

The information you provide may also be rendered anonymous and passed on to third parties for statistical analysis.

9. Your rights

Any person may request information on the data processed concerning him or her, as well as on the origin, recipient and purpose of the data collection and processing. You also have the right to request the rectification, blocking, deletion or transfer of your data.

Data stored in accordance with legal provisions or necessary for business management purposes cannot or must not be deleted. If the data is not affected by a legal archiving obligation or by our overriding interest in retention, we will delete your data at your request. If an archiving obligation applies, we will block your data.

In addition, you can assert your legal rights or lodge a complaint with the competent data protection authority.

10. Final provisions

10.1 Responsible entity and contact

We are responsible for processing data in accordance with this data protection declaration, unless otherwise stipulated.

The person responsible for data protection is Mr Christian Soguel.

General inquiries about data protection can be sent to us by post or e-mail. Details for all correspondence are as follows:

Fiduciaire Auditoria SA

Rue Caroline 2

1003 Lausanne

info@auditoria.ch

For questions concerning a particular person, requests for rectification or a request for deletion, a copy of the identity card or passport identifying the user must also be attached.

10.2 Changes to the data protection declaration

We may amend our data protection declaration at any time by publishing it on the website. This data protection declaration was last updated on 28.07.2023.