Data Protection Notice (Privacy policy)

Legal notice – The German version of the Data Protection Notice (Datenschutzerklärung) applies to all data management, including those in other languages.  The English version of the Data Protection Notice is provided for information purposes only. In the event of any contradiction, the German version of the Data Protection Notice shall take precedence.

1. General

Thank you for your interest in our services. This privacy policy provides information on how we process personal data (i.e. information relating to an identified or identifiable individual; hereinafter «personal data» or
«data») at REWISCO Holding AG, REWISCO AG and REWISCO Treuhand AG (hereafter: REWISCO, us or we).

2. Responsible office and contact

Responsible for privacy issues:

REWISCO AG

Rigistrasse 18c

6331 Hünenberg

Contact for privacy issues:

REWISCO AG

Rigistrasse 18c

6331 Hünenberg

Tel: 044 364 16 70

Mail: contact(@)rewisco.com

3. Overview of the purposes for which we process personal data

In particular, we undertake the following categories of personal data processing. A detailed description of the personal data used and further information on processing can be found under para. 5 of this privacy policy:

•        If you are our customer and we provide or have provided services to you.

•        If we received your personal data from our customer and not directly from you when providing our services to our customer.

•        If you visit our website.

•        If you attend one of our events.

•        If we communicate with you or inform you about our services and if we advertise.

•        If you have any other contractual relationship with us, e.g., as a supplier, service provider or consultant.

•        If you apply for a job with us.

•        If we are required to do so for legal or regulatory reasons.

•        When we are performing due diligence or process personal data for other legitimate interests, such as to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights.

4. Categories of personal data we collect

Which personal data we process depends on your relationship with us and the purpose for which we process the data (see section 3). In addition to your contact details, we also process other information about you or about people who are related to you. Under certain circumstances, this information may also consist of sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process them:

•        Contact information (e.g., last name, first name, address, telephone number, e-mail address including meta data as well as recordings and image and video recordings).

•        Customer information (e.g., date of birth, nationality, marital status, occupation, title, job title, passport/ID number, (social security) AHV number)

•        Risk management data (e.g., credit rating information, commercial register data, World Check information and data from the REWISCO network)

•        Financial information (e.g., data on bank details)

•        Mandate data, depending on the mandate (e.g., tax information, business data (statutes, minutes, projects and contracts), employee data (e.g., salary, social security), accounting data, beneficial owners and ownership structure

•        Web page data (e.g., IP address, device information (UDI), browser information, web page usage (analytics and use of plugins, etc.)

•        Application data (e.g., curriculum vitae and references)

•        Marketing information (e.g., newsletter registration)

More detailed information can be found in the description of the respective categories of processing (see section 5).

We usually collect these data directly from you. We may also receive information from our customers about individuals who have no direct relationship with us but with our customer (e.g. data about the customer’s employees). We collect certain data from public or official sources, such as the commercial or debt collection register (see section 5.2). In addition, we may also collect data from and share data with companies in REWISCO’s international network, as well as third parties such as credit reporting agencies or risk assessment information providers.

5. Personal data we process

5.1 When you use our services

From our customers we collect the personal data that we need to provide our contractually agreed service, to protect our interests, or on the basis of a legal or other binding regulation. When we fulfil a contract with you, we collect other personal data depending on the service involved and whether you are a natural person or a legal entity.

The personal data of our customers consist of the following pieces of information in particular: 

•        Contact information (e.g. last name, first name, address, telephone number, e-mail address and other contact information)

•        Personal information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, (social security) AHV number, family circumstances, etc.)

•        Risk management data (e.g. credit rating information, commercial register data, sanctions lists, specialised databases, data from REWISCO’s network or the Internet)

•        Financial information (e.g. data on bank details, investments and shareholdings)

•        Mandate data, depending on the mandate, e.g. tax information, business data (statutes, minutes and projects), employee data (e.g. salary and social security), accounting data, etc.

•        Sensitive personal data: these personal data may also include sensitive personal data such as data relating to health, religious beliefs and social assistance measures, in particular if we provide payroll processing or accounting services.

We process these personal data for the described purposes based on the following legal bases:

•        Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (e.g. consulting, and fiduciary)

•        Fulfilment of a legal obligation (e.g. when we perform our duties as auditors or are required to disclose information).

•        Safeguarding of legitimate interests, (e.g. for administrative purposes, to improve our quality, ensure safety, manage risk, enforce our rights, defend against claims, and review potential conflicts of interest).

•        Consent (e.g. to send you marketing information). 

5.2 If we do not receive information directly from our customers

When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or other persons's personal data. These other persons are usually employees, contacts, family members or persons who have a relationship with the customers or data subjects for other reasons. We need these personal data to fulfil the contracts with our customers. We receive these personal data from our customers or from third parties contracted by our customers. Persons whose information we process for this purpose are informed by our customers that we are processing their data. Our customers can refer to this privacy policy for this purpose.

The personal data of the persons who have a relationship with our customers consist of the following information in particular:

•        Contact information (e.g. last name, first name, address, telephone number, e-mail address, other contact information, and marketing data)

•        Personal information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, AHV number, family circumstances, etc.)

•        Financial information (e.g. data on bank details, investments and shareholdings)

•        Mandate data, depending on the mandate, e.g. tax information, business data (statutes, minutes and projects), employee data (e.g. salary and social security), accounting data

•        Sensitive personal data: these personal data may also include sensitive personal data such as data relating to health, religious beliefs and social assistance measures, in particular if we provide payroll processing or accounting services.

We process these personal data for the described purposes based on the following legal bases:

•        Conclusion or execution of a contract with the data subject or for the benefit of the data subject (e.g. when we perform our contractual obligations)

•        Fulfilment of a legal obligation (e.g. when we perform our duties as auditors or are required to disclose information).

•        Safeguarding of legitimate interests, in particular our interest in providing the best possible service to our customers.
 

5.3 When you visit our websites or receive a newsletter

You can visit our websites without having to provide any personal data. However, when you visit our website, we automatically collect personal data that we need to operate our website and ensure security. We also collect data in order to analyse user behaviour on our website or in our newsletter and to use this information for the communication and improvement of our products (see also section 6).

This personal data consists of the following information in particular:

•       Technical information, information on user behaviour or website settings that is automatically transmitted to us or our service providers (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicks on links, etc., see section 6).

We process these personal data for the described purposes based on the following legal bases:

•        Safeguarding of legitimate interests (e.g. for administrative purposes, to improve our quality, analyse data or publicise our services).

•        Consent (e.g. to the use of cookies).

5.4    When you attend a REWISCO event

When you attend an event organised by us, we collect personal data to organise and conduct the event and, if necessary, to send you additional information afterwards. We also use your information to alert you to other events. You may be photographed or filmed by us at these events, and we may publish this footage internally or externally.

This consists of the following information in particular:

•        Contact information (e.g. last name, first name, address, telephone number and e-mail address)

•        Personal information (e.g. occupation, function, title, employer company and dietary information)

•        Pictures or videos

•        Payment information (e.g. bank details).

We process these personal data for the described purposes based on the following legal bases:

•        Fulfilment of a contractual obligation with or for the benefit of the data subject, including contract initiation and possible enforcement (making participation in the event possible)

•        Safeguarding of legitimate interests (e.g. holding events, disseminating information about our event, providing services, and efficient organisation).

•        Consent (e.g. to send you marketing information or to create visual materials).
 

5.5    When we communicate with you or you visit us

If you contact us (e.g. via telephone, e-mail or chat) or if we contact you, we process the personal data required for this purpose. We also process these personal data when you visit one of our offices. In this case, you may be required to leave your contact information prior to your visit or at the reception desk. We retain these data for a restricted time to protect our infrastructure and information.

We process the following information in particular:

•        Contact information (e.g. last name, first name, address, telephone number and e-mail address)

•        Marginal data for communication (e.g. IP address, duration of communication, and communication channel).

•        Recordings of conversations, e.g. during video conferences

•        Personal information (e.g. occupation, function, title and employer)

•        Time and reason for the visit.

We process these personal data for the described purposes based on the following legal bases:

•        Fulfilment of a contractual obligation with or for the benefit of the data subject, including Contract initiation and possible enforcement (provision of a service)

•        Safeguarding of legitimate interests (e.g. security, traceability, and processing and administration of customer relationships).
 

5.6    When you apply to REWISCO

You can submit your application for a position with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us will be treated confidentially, will not be disclosed to third parties and will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application dossier will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a statutory retention obligation.

We process the following information in particular:

•        Contact information (e.g. last name, first name, address, telephone number and e-mail address)

•        Personal information (e.g. occupation, function, title and employer)

•        Application documents (e.g. motivation letter, final grade certificates, diplomas, curriculum vitae)

•        Appraisal information (e.g. assessment of personnel consultants, reference information, assessments)

We process these personal data for the described purposes based on the following legal bases:

•        Safeguarding legitimate interests (e.g. recruitment of new employees)

•        The fulfillment of the contract with you

•        Consent

5.7    When you provide a contractual service in another capacity (e.g. suppliers, service providers, and other contractual partners)

When we enter into a contract with you to provide a service to us, we process personal data from you or your employees. We need these data to communicate with you and to make use of your services. We may also process these personal data to check whether there could be a conflict of interest in connection with our work as auditors and to ensure that we do not take any undesirable risks, e.g. with regard to money laundering or sanctions, through our cooperation.

We process the following information in particular:

•        Contact information (e.g. last name, first name, address, telephone number and e-mail address)

•        Personal information (e.g. occupation, function, title and employer company)

•        Financial information (e.g. data on bank details).

We process these personal data for the described purposes based on the following legal bases:

•        Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including Contract initiation and possible enforcement

•        Safeguarding of legitimate interests, (e.g. avoiding conflicts of interest, protecting the company and enforcing legal claims)

•        Protection of legitimate interests (e.g. avoidance of conflicts of interest, protection of the company, enforcement of legal claims).

6. Tracking-Technology

We use cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. 

Information about the specific device that is being use is stored in the cookie. This does not mean, however, that we are able to identify you personally. 

Cookies are utilized to make the use of our services more convenient for you. For instance, we use so-called session cookies to track your previous visit to any of the pages of our website. These types of cookies are automatically erased when you leave our website. 

In addition, we use temporary cookies to optimize user-friendliness; they are stored on your device for a specific, defined period of time. If you visit our website again to use our services, the system automatically recognizes that you have previously been on our website and what entries and settings you made at that time so that you do not have to enter them again. These cookies are automatically deleted after a defined period of time.

Another objective behind our use of cookies is to obtain statistics regarding visits to our website and to evaluate these data; the results enable us to optimize our website for you. These cookies enable us to automatically recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the purposes mentioned.

Most browsers accept cookies automatically. You can, however, configure your browser so that no cookies are stored on your computer or a notification always appears before a new cookie is created. Keep in mind that completely disabling cookies may mean that you cannot use all the functions of our website.

6.1 Web analysis and tracking technology

We use Google Analytics web analysis tools and retargeting technologies to obtain information regarding the use of our website, improve our Internet services and to be able to contact you with marketing on third-party websites and social media.

These tools are supplied by third-party providers. The information regarding the use of the website that is gathered for this purpose is generally transmitted through cookies or similar technology to the third-party provider’s server. Depending on the third-party provider, these servers may be located in another country.

The data are usually transmitted with the IP addresses abbreviated to prevent the identification of individual end devices. This information is passed on by third-party providers only on the basis of statutory provisions or in connection with commissioned data processing.

6.2 Google Analytics

We use Google Analytics on our websites, the web analysis service of Google LLC, Mountain View, California, USA; Google Limited Ireland ("Google") is responsible for Europe. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de .

Google Analytics uses cookies. These are small text files that make it possible to store specific user-related information on the user's device.

These enable Google to analyze the use of our website. The information collected by the cookie about the use of our pages (including your IP address) is usually transmitted to a Google server in the USA and stored there. We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" in order to ensure an anonymized collection of IP addresses (so-called IP masking).

If anonymization is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google may associate your IP address with other Google data. For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

6.3 Social media plugins

Social media plugins («plugins») from third-party providers are used on our website. These plugins can be identified by the logo of the relevant social network. We use the plugins to offer you the opportunity to interact with the social networks and other users. We use the following plugins on our website: Facebook, X (former Twitter), LinkedIn and YouTube.

When you access our website, your browser establishes a direct connection with the third-party provider’s servers. The content of the plugin (e.g. YouTube videos) is transmitted directly to your browser by the third-party provider in question and incorporated into the page.

The data transfer for the display of content (e.g. publications on X (former Twitter)) takes place regardless of whether you have an account with the third-party provider and are logged in there.

If you are logged in with the third-party provider, the data we record are also allocated directly to your account with the third-party provider.
When you activate the plugins, the information is also published in the social network and displayed to your contacts there. Please refer to the data protection notices of the third-party providers regarding the purpose and scope of the recording and further processing and use of the data by the third-party providers as well as your rights in this regard and the settings available to protect your privacy.

The third-party provider stores the data recorded about you as a user profile, which it uses for the purposes of marketing, market research and/or designing its website to meet demand. This kind of analysis is also carried out, in particular, for users who are not logged in to display demand-based marketing and inform other users of the social network about your activities on our website.If you would like to prevent third-party providers from allocating the data gathered via our website to your personal profile in the respective social network, then you must log out of that social network before visiting our website. You can also completely prevent the plugins from being loaded with specialised add-ons for your browser, such as «Ghostery» (https://www.ghostery.com/) or «No Script» (http://noscript.net/).

7. With whom we may share data

We will only disclose your data to third parties if this is necessary to provide our service, if these third parties provide a service for us, if we are required to do so by law or by the authorities, or if we have an overriding interest in disclosing the personal data. We will also disclose personal data to third parties if you have consented to this or have requested us to do so.

The following categories of recipients may receive personal data from us:

•        Other REWISCO companies within the global REWISCO network, subsidiaries and affiliates.

•       Partners in our networks (e.g. IECnet)

•        Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies and credit agencies).

•        Third parties within the scope of our legal or contractual obligations, authorities, state institutions and courts.

We conclude contracts with service providers who process personal data on our behalf, obliging them to ensure data protection. Most of our service providers are located in Switzerland or in the EU/EEA.

Certain personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If a data transfer to other countries that do not have an adequate level of data protection is necessary, this will be carried out on the basis of the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments.

8. How long we keep the data

We retain personal data for as long as is necessary to achieve the purpose for which we collected it. If there are legal or regulatory obligations or overriding interests in storing the data for longer, we retain the personal data. This period is usually at least ten years, e.g. to fulfil archiving obligations in accordance with tax law and accounting regulations or to secure the enforcement of claims. Web analytics data are retained for a short period of time only. After the retention period has expired, the personal data are deleted or anonymised.

9. Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and access restrictions, encryption of data carriers and transmissions, pseudonymization, checks. 

10. Obligation to provide personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this information, we will generally not be able to enter into or process a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.

11.    Your rights

You have the following rights in connection with our processing of personal data:

•        The right to information about personal data stored by us about you, the purpose of the processing, the origin of the data and the recipients or categories of recipients to whom personal data are disclosed.

•        The right to rectification if your data are incorrect or incomplete.

•        The right to restrict the processing of your personal data.

•        The right to request the erasure of personal data that have been processed.

•       The right to data portability: Disclosure of certain personal data for the purpose of transfer to another body (so-called data portability).

•        The right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.

•        The right to complain to a competent supervisory authority if provided for by law.

To exercise these rights, please contact the address specified in section 2.

The exercise of such rights usually requires that you clearly prove your identity (e.g. by a copy of your identity card, where your identity is otherwise not clear or can be verified).

Please note, however, that we reserve the right to enforce the statutory restrictions, for example if we are obliged to store or process certain data, have an overriding interest in it (insofar as we may invoke it) or need it for asserting claims.

If there are costs for you, we will inform you in advance.

Furthermore, every data subject has the right to enforce his claims in court or to lodge a complaint with the competent data protection authority.

12. Amendments to the privacy policy

We expressly reserve the right to amend this privacy policy at any time. The current version published on our website applies.