Data Protection Statemement
Version 1.0 from 01.09.2023
In this data protection declaration, we, the companies CORE Partner AG, CORE Treuhand AG, CORE Revision AG, CORE Fiduciaire Revicor SA, CORE Medical AG and any other companies of the CORE Group not listed above (e.g. subsidiaries or group companies added at a later date; hereinafter "CORE Group"), describe how we collect and process personal data. This data protection declaration is not an exhaustive description; other declarations relating to data protection or general terms and conditions, conditions of participation and similar documents may govern specific matters. For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable natural person.
If you provide us with personal data of other persons (e.g. family members, employees, business partners, lenders and borrowers, testators, beneficiaries of inheritances, donors, recipients of gifts, members of associations etc.), please ensure that these persons are aware of this privacy policy and only share their personal data with us if you have been authorised to do so and if this personal data is correct.
If you give us access to your system or an external platform to process personal data within the scope of the mandate, you are responsible for data security and data protection. You are also responsible for the data security and data protection of the e-mail system you use to communicate with us.
1. Responsible body and contact
CORE Partner AG and the other companies of the CORE Group are responsible for the data processing described in this data protection declaration, unless otherwise stated in individual cases. Data protection enquiries can be sent to us by letter or e-mail, enclosing a copy of the ID or passport identifying the enquirer:
CORE Partner AG
Data protection
Chännelmattstrasse 9
3186 Düdingen
datenschutz@core-partner.ch
2. Collection and processing of personal data
We collect and process personal data in particular in the following cases:
- Customer and personal data of private and business customers as well as employees of business customers (hereinafter 'customers') for whom we provide or have provided services;
- Personal data that we have received indirectly from our clients or procure from third parties in the course of providing the service;
- when visiting our website;
- when using our newsletter;
- when participating in an event of ours;
- when we communicate or a visit takes place;
- in the case of other contractual relationships, e.g. as a supplier, service provider or consultant;
- for applications;
- in the case of subletting;
- if we are required to do so for legal or regulatory reasons;
- when we are carrying out our due diligence or other legitimate interests, e.g. to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights (including billing and debt collection).
More detailed information can be found in the description of the respective categories of processing in point 4.
3. Categories of personal data
The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we may also process other information about you or about people who have a personal or business relationship with you (spouses, children, employees and other third parties). Under certain circumstances, this information may also be particularly sensitive personal data.
We collect the following categories of personal data depending on the purpose for which we process it:
- Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information);
- Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances);
- Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialised databases, data from the internet);
- Financial information (e.g. data on bank accounts, investments, shareholdings, income and assets);
- Mandate data, depending on the mandate (e.g. tax information, articles of association, minutes, projects, contracts, employee data (e.g. working hours, absences, salary, expenses, social insurance, pension funds), accounting data, beneficial owners, ownership;
- Website data (e.g. IP address, device information (UDI), browser information, website usage (e.g. analysis and use of plugins);
- Application data (e.g. CV, references, diplomas, grade sheets);
- Marketing information (e.g. newsletter registration);
- Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists).
To the extent permitted, we also take certain data from publicly accessible sources (e.g. debt enforcement or criminal registers, land registers, commercial registers, press, internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties (e.g. insurance companies). In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers; information that we learn in connection with official and legal proceedings; information in connection with your professional functions and activities (so that we can, e.g. (e.g. so that we can conclude and process transactions with your employer with your help); information about you in correspondence and discussions with third parties; creditworthiness information; information about you provided to us by people close to you (family, advisors, legal representatives etc.) so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, full payment etc.). References, your address for deliveries, powers of attorney); information on compliance with legal requirements such as anti-money laundering and export restrictions; information from banks, insurance companies, sales and other contractual partners of ours on the provision of services to or use by you (e.g. payments made, purchases made); information from the media and Internet on your person (insofar as this is appropriate in the specific case, e.g. in the context of a job application etc.).Your addresses and, if applicable, interests and other socio-demographic data (for marketing); data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location details).
4. Purposes of data processing and legal basis
4.1 Provision of services
We primarily process the personal data that we receive from our clients (in particular in the context of fiduciary services, payroll processing, auditing, tax, economic, legal and pension advice) and other contractual relationships with business partners and other persons involved in these relationships. We may also process this personal data in order to check whether there could be a conflict of interest in connection with our activities as auditors and to ensure that we do not enter into any unwanted risks, e.g. with regard to money laundering or sanctions, through our cooperation.
The personal data of our customers is in particular the following information:
- Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information)
- Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances)
- Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialised databases, data from the internet)
- Financial information (e.g. data on bank accounts, investments, shareholdings, income and assets)
- Mandate data, depending on the mandate (e.g. tax information, articles of association, minutes, projects, contracts, employee data (e.g. working hours, absences, salary, expenses, social insurance, pension fund), accounting data, beneficial owners, ownership structure
- Sensitive personal data: These personal data may also include personal data requiring special protection (e.g. data on health, religious views, political opinions, trade union activities, social assistance measures or data on administrative and criminal prosecution/sanctions), in particular if we provide services in the areas of fiduciary services, payroll processing, accounting, taxes, pension provision or law.
We process this personal data for the purposes described above on the basis of the following legal grounds:
- Conclusion or execution of a contract with the data subject or for the benefit of the data subject, incl. contract initiation and possible enforcement (e.g. advice, fiduciary services);
- Fulfilment of a legal obligation (e.g. if we perform our duties as auditors or are obliged to disclose information);
- Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, ensure safety, manage risk, enforce our rights, defend ourselves against claims or to check for possible conflicts of interest);
- Consent (e.g. for information to social workers for payroll accounting mandates, for requesting information from insurance companies, pension funds, compensation funds, banks and authorities or to send you marketing information).
4.2 Indirect data processing from service provision
When we provide services to our clients, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contacts, family members or persons who have a relationship with the clients or data subjects for other reasons. We need this personal data to fulfil contracts with our clients. We receive this personal data from our clients, from third parties engaged by our clients or from third parties who disclose the information to us on the basis of a power of attorney from our client. Third parties whose information we process for this purpose must be informed by you that we are processing their data. You can refer to this privacy policy for this purpose.
The personal data of the persons who have a relationship with our customers is in particular the following information:
- Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information);
- Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances);
- Financial information (e.g. data on bank accounts, investments or shareholdings);
- Mandate data, depending on the mandate (e.g. tax information, articles of association, minutes, employee data (e.g. salary, social security), accounting data, beneficial owners, ownership);
- Sensitive personal data: These personal data may also include personal data requiring special protection (e.g. data on health, religious views, political opinions, trade union activities or social assistance measures), in particular if we provide services in the area of payroll processing, accounting, taxes or pension provision.
We process this personal data for the purposes described above on the basis of the following legal grounds:
- Conclusion or performance of a contract with or for the benefit of the data subject (e.g. when we perform our contractual obligations);
- Fulfilment of a legal obligation (e.g. if we perform our duties as auditors or are obliged to disclose information);
- Safeguarding legitimate interests, in particular our interest in providing optimum service to our customers.
4.3 Use of our website
No personal data need to be disclosed in order to use our website. However, the server collects various user information with each call, which is temporarily stored in the server's log files.
When using this general information, no allocation to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and to analyse its use.
This is in particular the following information:
- Contact information (e.g. surname, first name, address, telephone number, e-mail);
- Other information that you submit to us via the website;
- Technical information automatically transmitted to us or our service providers, information on user behaviour or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, click on links etc.) is not collected.
- We process this personal data for the purposes described above on the basis of the following legal grounds:
- Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, analyse data or publicise our services);
- Consent (e.g. to the use of cookies or the newsletter).
4.4 Newsletter usage
If you subscribe to our newsletter, we will use your e-mail address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. Mandatory information for sending the newsletter is your full name as well as your e-mail address or postal address, which we store after your registration.
The legal basis for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this consent and unsubscribe from the newsletter at any time.
4.5 Participation in events
If you attend an event organised by us, we collect personal data in order to organise and run the event and, if necessary, to send you additional information afterwards. We also use your information to inform you of other events. It is possible that you will be photographed or filmed by us at these events and that we will publish this footage internally or externally.
This involves the following information in particular:
- Contact information (e.g. surname, first name, address, telephone number, email, other contact information);
- Personal information (e.g. date of birth, nationality, marital status, profession, function, title, employer company, eating habits);
- Image and video material;
- Payment information (e.g. bank details).
We process this personal data for the purposes described above on the basis of the following legal grounds:
- Fulfilment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (enabling participation in the event);
- Safeguarding legitimate interests (e.g. holding events, disseminating information about our event, providing services, efficient organisation);
- Consent (e.g. to send them marketing information or to create visual material).
4.6 Direct communication and visits
When you contact us (e.g. by phone, email or chat) or when we contact you, we process the necessary personal data. We also process this personal data when you visit us. In this case, you may be required to leave your contact details prior to your visit or at reception. We keep these for a certain period of time to protect our infrastructure and information.
We generally use the "Microsoft Teams" service to conduct telephone conferences, online meetings, video conferences and/or webinars ("online meetings").
In particular, we process the following information:
- Contact information (e.g. surname, first name, address, telephone number, e-mail);
- Personal information (e.g. profession, function, title, employer company);
- Marginal data on communication (e.g. IP address, duration of communication, communication channel);
- Recordings of conversations, e.g. during video conferences;
- Other information uploaded, provided or created by the user during the use of the video conferencing service and metadata used for the maintenance of the service provided. Additional information about Microsoft Teams' processing of personal data can be found in their privacy statements;
- Time and reason for the visit.
We process this personal data for the purposes described above on the basis of the following legal grounds:
- Fulfilment of a contractual obligation with or for the benefit of the data subject, including contract initiation and possible enforcement (provision of a service);
- Safeguarding legitimate interests (e.g. security, traceability and processing and administration of customer relationships).
4.7 Applications
You can submit your application for a position with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us in this way will be treated as strictly confidential, will not be disclosed to any third party and will only be processed for the purpose of processing your application for employment with us. If you are not hired, your application file will be deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it.
In particular, we process the following information:
- Contact information (e.g. surname, first name, address, telephone number, e-mail);
- Personal information (e.g. profession, function, title, employer company);
- Application documents (e.g. letter of motivation, certificates, diplomas, grade sheets, CV);
- Assessment information (e.g. assessment of personnel consultants, reference information, assessments).
We process this personal data for the purposes described above on the basis of the following legal grounds:
- Safeguarding legitimate interests (e.g. hiring new employees)
- Consent.
4.8 Suppliers, service providers, other contractual partners
When we enter into a contract with you to provide a service for us, we process personal data about you or your employees. We need this data to communicate with you and to use your services. We may also process this personal data in order to check whether there could be a conflict of interest in connection with our work as auditors and to ensure that we do not enter into any unwanted risks, e.g. with regard to money laundering or sanctions, through our cooperation.
In particular, we process the following information:
- Contact information (e.g. surname, first name, address, telephone number, e-mail);
- Personal information (e.g. profession, function, title, employer company);
- Financial information (e.g. data on bank details).
We process this personal data for the purposes described above on the basis of the following legal grounds:
- Conclusion or execution of a contract with or for the benefit of the data subject, including contract initiation and possible enforcement;
- Safeguarding legitimate interests, (e.g. avoiding conflicts of interest, protecting the company, enforcing legal claims).
5. Tracking technologies
We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site.
Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies are necessary for the purposes mentioned. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
6. Web and newsletter analysis
We use the following web analysis tools and re-targeting technologies in order to obtain information about the use of our website, to improve our internet offer and to be able to address you with advertising on third-party websites or on social media: Google Analytics and Microsoft Clarity.
These tools are provided by third-party providers. As a rule, the information collected for this purpose about the use of a website is transmitted to the third-party provider's server through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.
The transmission of the data normally takes place with shortening of the IP addresses, which prevents the identification of individual end devices. A transmission of this information by third-party providers only takes place due to legal regulations or in the context of order data processing.
6.1 Google Analytics
We use Google Analytics, the web analysis service of Google LLC, Mountain View, California, USA, responsible for Europe is Google Limited Ireland ("Google"). To deactivate Google Analytiscs, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=en. Google Analytics uses cookies. These are small text files that make it possible to store specific information related to the user on the user's terminal device. These enable an analysis of the use of our website by Google. The information collected by the cookie about the use of our website (including your IP address) is usually transmitted to a Google server in the USA and stored there. We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" in order to ensure anonymised collection of IP addresses (so-called IP masking). If anonymisation is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google may associate your IP address with other Google data. For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.
6.2 Google Maps
On our website we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, "Google"). Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location is shown to you and a possible journey is made easier. When you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
For data transfers to the US, Google has committed to sign and comply with the EU standard contractual clauses.
6.3 Google Re-CAPTCHA
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated programme. This is how we curb abusive website requests from automated tools and spam, among other things. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. By blocking the reCAPTCHA, it is possible that you can no longer fully use the services of our website, especially with regard to forms.
6.4 Microsoft Clarity
This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (cf. https://docs.microsoft.com/en-us/clarity/ hereinafter "Clarity").
Clarity is a tool for analysing user behaviour on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). We also receive information about general user behaviour within our website. Clarity uses cookies and other technologies to collect information about the behaviour of our users and their end devices, in particular the IP address of the device (which is only recorded and stored anonymously), screen size, device type, information about the browser used, location (country only). Clarity stores this information in a pseudonymised user profile, the storage period is 1 year. The information is neither used by Clarity nor by us to identify individual users nor is it combined with other data about individual users. The data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. We use Microsoft Clarity with the so-called anonymisation function. Through this function, Microsoft shortens the IP address even before you are transmitted.
You can find further details on Clarity's data protection here: https://docs.microsoft.com/en-us/clarity/faq Objection option and on opting out at: https://choice.microsoft.com/de-DE/opt-out
6.5 Social Media Plugins
So-called social media plugins ("plugins") from third-party providers are used on our website. The plugins are recognisable by the logo of the respective social network. Via the plugins, we offer you the opportunity to interact with the social networks and other users. We use the following plugins on our website: LinkedIn. When you call up our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plugin is transmitted directly to your browser by the respective third-party provider and integrated into the page.
The data transfer for the display of content takes place regardless of whether you have an account with the third-party provider and are logged in there. If you are logged in to the third-party provider, your data collected by us will also be directly assigned to your account with the third-party provider. If you activate the plugins, the information will also be published on the social network and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the third-party providers, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of the third-party providers. The third-party provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. In particular, such an evaluation is also carried out for non-logged-in users for the display of needs-based advertising and to inform other users of the social network about your activities on our website. If you would like to prevent the third-party providers from assigning the data collected via our website to your personal profile in the respective social network, you must log out of the respective social network before visiting our website. You can also completely prevent the loading of the plugins with specialised add-ons for your browser such as "Ghostery" (https://www.ghostery.com/) or "NoScript" (http://noscript.net/).
6.6 Newsletter Tracking
A tool for analysing our newsletter is being evaluated.
7. Data sharing and data transmission
We will only disclose your data to third parties if this is necessary to provide our service, if these third parties provide a service for us, if we are obliged to do so by law or by the authorities or if we have an overriding interest in disclosing the personal data. We will also disclose personal data to third parties if you have given your consent or requested us to do so.
Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the client, accounting data, salary administration data, salary slips and statements as well as tax data are transmitted unencrypted.
The following categories of recipients may receive personal data from us:
- CORE Group companies and service providers (e.g. IT service providers, hosting providers, suppliers, consultants, banks, lawyers, notaries, insurance companies);
- Third parties within the scope of our legal or contractual obligations (e.g. authorities, state institutions, courts, insurance companies, pension funds, counterparties/negotiating partners or their representation, employers, social workers, social partners, professional associations, joint commissions, foundation supervisory authorities, banks, your auditors, your group companies worldwide, your business partners worldwide etc.).
We conclude contracts with service providers who process personal data on our behalf as order processors, which oblige them to guarantee data protection. The majority of our service providers are located in Switzerland or in the EU / EEA. Certain personal data may also be transferred to the EEA, the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If data transfer to other countries that do not have an adequate level of data protection is necessary, this will be done on the basis of the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments.
8. Duration of the retention of personal data
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as a matter of principle and as far as possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less may apply.
9. Data security
We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.
10. Obligation to provide personal data
In the context of our business relationship, you must provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations (you do not generally have a legal obligation to provide us with data). Without this data we will not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
11. Your rights
You have the following rights in relation to our processing of personal data:
- Right to information about personal data stored by us about you, the purpose of processing, the origin and about recipients or categories of recipients to whom personal data is passed on;
- Right to rectification if your data is incorrect or incomplete;
- Right to restrict the processing of your personal data;
- right to request the deletion of the personal data processed;
- Right to data portability;
- Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons;
- Right to complain to a competent supervisory authority, where provided for by law.
To exercise these rights, please contact the address given in section 1.
Please note that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.
12. Amendment of the privacy policy
We expressly reserve the right to amend this data protection declaration at any time. The current version published on our website shall apply.
In the case of conflict between the content of this privacy policy and the content of other language versions, the German version of the privacy policy published on this homepage shall prevail.