PRIVACY POLICY

(in accordance with the Swiss Data Protection Act, effective as of September 1, 2023)

In this Privacy Policy, we, the TREUREVA GROUP, consisting of Treureva AG and its subsidiaries, GHM Partners AG, GHM Partners Rechtsanwälte und Notare GmbH, Avanta AG, AVANTA TREUHAND AG, AVANTA AUDIT AG, AVANTA AUDIT ZÜRICH AG (hereinafter referred to as the TREUREVA GROUP, we, or us), describe how we collect and process personal data. This Privacy Policy is not exhaustive; specific matters may be governed by other statements related to data protection. For the purposes of this Privacy Policy, personal data refers to any information relating to an identified or identifiable individual.

The TREUREVA GROUP and its subsidiaries, unless otherwise specified in individual cases, are responsible for the data processing described here. Inquiries regarding data protection can be addressed to us by mail or email, along with a copy of the user’s ID or passport for identification purposes:

TREUREVA AG
Oliver Habke
Othmarstrasse 8
8008 Zurich
Tel. +41 58 255 72 00
oliver.habke@treureva.ch

We process personal data primarily in the following categories of processing:

  • Customer data from customers for whom we provide or have provided services.
  • Personal data indirectly obtained from our customers during service provision.
  • When visiting our website.
  • When using our newsletter.
  • When participating in an event organized by us.
  • During communication or in-person visits.
  • In the context of other contractual relationships, e.g., as a supplier, service provider, or consultant.
  • In the case of job applications.
  • When required by legal or regulatory obligations.
  • When fulfilling our due diligence obligations or pursuing other legitimate interests, such as avoiding conflicts of interest, preventing money laundering or other risks, ensuring data accuracy, assessing creditworthiness, ensuring security, or enforcing our rights.

More detailed information can be found in the description of the respective categories of processing in section 4.

The types of personal data we process depend on your relationship with us and the purpose for which we process the data. In addition to your contact details, we may process further information about you or individuals associated with you. Some of these pieces of information might be considered particularly sensitive personal data.

We collect the following categories of personal data, depending on the purpose of processing:

  • Contact information (e.g., name, first name, address, telephone number, email)
  • Customer information (e.g., date of birth, nationality, marital status, profession, title, job description, passport/ID number, social security number)
  • Risk assessment data (e.g., credit information, commercial register data)
  • Financial information (e.g., bank account details)
  • Potentially additional information (e.g., diplomas, employment certificates, criminal record extract, debt enforcement register extract, insurance policies, further education certificates, protocols)
  • Website data (e.g., IP address, device information, browser details, website usage (analytics and plugin usage, etc.))
  • Application data (e.g., CV, employment certificates)
  • Marketing information (e.g., newsletter subscription)
  • Security and network data (e.g., visitor lists, access controls, network and email scanners, phone call logs)
  • Case files (mandate agreements, copies of invoices, correspondence) in the event of objections, mediation, or legal proceedings.

The provision of this personal data is explicitly voluntary. Without this personal data, we will not be able to provide the requested services to the user in the desired quality or at all.

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, press, internet) or receive such data from our customers and their employees, authorities, (arbitration) courts, and other third parties. In addition to the data you provide directly to us, the categories of personal data we receive from third parties about you include information from public registers, information we learn in connection with administrative and judicial proceedings, information related to your professional functions and activities (if necessary), information about you in correspondence and meetings with third parties, credit reports, information about you provided to us by individuals in your circle (family, advisors, legal representatives, etc.) to allow us to act comprehensively on your behalf, enabling us to enter into or execute contracts with you or involving you (e.g., references, delivery addresses, authorizations), information to comply with legal requirements such as anti-money laundering and sanction restrictions, information from banks, insurers, distribution and other contractual partners of ours for the use or provision of services by you, information from media and the internet about you (where appropriate in specific cases, e.g., in the context of an application, etc.), your addresses, and possibly interests and additional socio-demographic data (for marketing), data related to website usage (e.g., IP address, smartphone or computer MAC address, device and settings information, cookies, date and time of visit, accessed pages and content, used functions, referring website, location data).

4.1.    Provision of Services

Primarily, we process the personal data that we receive in the context of our contractual relationship with our customers and other contractual relationships with business partners and involved parties.

For our customer’s personal data, we especially process the following information:

  • Contact information (e.g., name, first name, address, telephone number, email, other contact details)
  • Personal information (e.g., date of birth, nationality, marital status, profession, title, job description, passport/ID number, social security number, family relations, etc.)
  • Risk assessment data, where necessary for fulfilling the contract (e.g., credit information, commercial register data, sanction lists, specialized databases, data from the internet)
  • Particularly sensitive personal data: These may include particularly sensitive personal data, such as data from ongoing or concluded criminal proceedings.

We process these personal data for the described purposes based on the following legal bases:

  • Conclusion or execution of a contract with the data subject or in favor of the data subject, including contract initiation and possible enforcement.
  • Fulfillment of a legal obligation.
  • Protection of legitimate interests (e.g., for administrative purposes, improving our quality, ensuring security, risk management, enforcing our rights, defending against claims, examining potential conflicts of interest).
  • Consent (e.g., to send marketing information).

If the processing is based on your consent or our legitimate interests, you can revoke your consent or object to such processing at any time by contacting us directly. Please note that the revocation of your consent does not affect the lawfulness of the processing based on consent before its withdrawal.

4.2.    Indirect Data Processing from Service Provision

When providing services to our customers, we may process personal data that we have not directly collected from the individuals concerned or personal data of third parties. These third parties are typically the employer of the customer. If we collect and process such data, we require this personal data to fulfill our mandate correctly. We receive this personal data from our corporate customers.

For individuals associated with our customers, the personal data we process includes, but is not limited to, the following information:

  • Contact information (e.g., name, first name, address, telephone number, email, other contact details, marketing data)
  • Personal information (e.g., date of birth, nationality, marital status, profession, title, job description, diplomas, CVs, employment certificates)
  • Particularly sensitive personal data: These may include particularly sensitive personal data, such as data from ongoing or concluded criminal proceedings.

We process these personal data for the described purposes based on the following legal bases:

  • Fulfillment of a legal obligation.
  • Protection of legitimate interests (e.g., for administrative purposes, improving our quality, ensuring security, risk management, enforcing our rights, defending against claims, examining potential conflicts of interest).

4.3.    Use of Our Websites

Our websites encompass the following domains:

https://www.treureva.ch/

https://www.treureva.com

https://ghm-partners.com/

https://avanta.ch/

https://pk-revision.ch

https://www.integralis-sqb.ch/

While using our websites, no personal data needs to be disclosed. However, with each visit, the server records a set of user information, which is temporarily stored in the server’s log files.

When using this general information, there is no association with a specific person. The collection of this information or data is technically necessary to display our website and ensure its stability and security. This information is also collected to improve the websites and analyze their usage.

This particularly includes the following information:

  • Contact information (e.g., name, first name, address, telephone number, email)
  • Further information you transmit to us via the website
  • Automatically transmitted technical information, user behavior information, or website settings to us or our service providers (e.g., IP address, device type, browser, number of clicks on the page, opening the newsletter, clicking on links, etc.)

We process these personal data for the described purposes based on the following legal bases:

  • Protection of legitimate interests (e.g., for administrative purposes, improving our quality, analyzing data, or promoting our services)
  • Consent (e.g., for the use of cookies or the newsletter).

4.4.    Newsletter Usage

If you subscribe to our newsletter or receive customer information through newsletters as a customer, we use your email address and additional contact details to send you the newsletter. You can subscribe to our newsletter with your consent. Mandatory information for sending the newsletter includes your full name and email address, which we store after your registration. The legal basis for processing your data in connection with our newsletter is your consent to receive the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter.

4.5.    Participation in Events

When you participate in an event organized by us, we collect personal data to organize and carry out the event, and potentially to send you additional information afterward. We also use your information to inform you about upcoming events. It is possible that you may be photographed or filmed by us during these events, and we may publish this visual material internally or externally.

This particularly includes the following information:

  • Contact information (e.g., name, first name, address, telephone number, email)
  • Personal information (e.g., profession, role, title, employer company, dietary preferences)
  • Images or videos
  • Payment information (e.g., bank details)
  • Opinion surveys and questionnaires
  • Attendance checks

We process these personal data for the described purposes based on the following legal bases:

  • Fulfillment of a contractual obligation with the data subject or in favor of the data subject, including contract initiation and possible enforcement (enabling participation in the event)
  • Protection of legitimate interests (e.g., event organization, dissemination of information about our event, service provision, efficient organization)
  • Consent (e.g., to send marketing information or create visual material).

4.6.    Direct Communication and Visits

When you contact us (e.g., via phone, email, or social media) or we contact you, we process the necessary personal data for that communication. We also process this personal data when you visit us. In this case, you may need to provide your contact details before your visit or at the reception. We retain these details for a certain period to protect our infrastructure and information.

For conducting telephone conferences, online meetings, or video conferences (“Online Meetings”), we usually use the “Microsoft Teams” service unless a customer requests a different service.

We process the following information in particular:

  • Contact information (e.g., name, first name, address, telephone number, email)
  • Communication metadata (e.g., IP address, duration of communication, login and logout times, communication channel)
  • Recordings of conversations, e.g., in video conferences
  • Other information that the user uploads, provides, or creates during the use of the video conferencing service, as well as metadata used for maintaining the provided service. For additional information about the processing of personal data by “Microsoft Teams,” please refer to their privacy policies.
  • Personal information (e.g., profession, role, title, employer company)
  • Time and reason for the visit

We process these personal data for the described purposes based on the following legal bases:

  • Fulfillment of a contractual obligation with the data subject or in favor of the data subject, including contract initiation and possible enforcement (service provision)
  • Protection of legitimate interests (e.g., security, traceability, as well as handling and administration of customer relationships).

4.7.    Job Applications

You can submit your job application to us by mail or through the email address provided on our website or our application portal. The application documents and all personal data provided to us as part of the application process will be treated as strictly confidential, not disclosed to any third parties, and processed solely for the purpose of processing your job application with us. Without your contrary consent, your application dossier will be either returned to you or deleted/destroyed after the conclusion of the application process, unless it is subject to a legal retention obligation. The legal bases for processing your data include your consent, the fulfillment of the contract with you, and our legitimate interests.

We process the following information in particular:

  • Contact information (e.g., name, first name, address, telephone number, email)
  • Personal information (e.g., profession, role, title, employer company)
  • Application documents (e.g., cover letter, certificates, diplomas, CV)
  • Evaluation information (e.g., recruiter assessment, references, assessments)

We process these personal data for the described purposes based on the following legal bases:

  • Protection of legitimate interests (e.g., hiring new employees)
  • Consent

4.8.    Suppliers, Service Providers, Other Contractual Partners

When we enter into a contract with you for the provision of a service, we process personal data of you or your employees. We require this data to communicate with you and to utilize your services. Simultaneously, you process personal data of us, our employees, and/or customers. For these purposes, we will establish a separate data processing agreement.

We process the following information in particular:

  • Contact information (e.g., name, first name, address, telephone number, email)
  • Personal information (e.g., profession, role, title, employer company)
  • Financial information (e.g., bank details)

We process these personal data for the described purposes based on the following legal bases:

  • Conclusion or execution of a contract with the data subject or in favor of the data subject, including contract initiation and possible enforcement.
  • Protection of legitimate interests (e.g., avoiding conflicts of interest, protecting the company, enforcing legal claims).

W

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (such as laptop, tablet, smartphone) when you visit our site.

Cookies store information related to the specific device being used. However, this does not mean that we directly obtain knowledge of your identity through them. The use of cookies serves, on one hand, to make your use of our offerings more convenient. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

Furthermore, we also use temporary cookies to enhance user-friendliness, which are stored on your device for a defined period. When you revisit our site to avail our services, it is automatically recognized that you have been with us before and what inputs and settings you made so you don’t have to enter them again. On the other hand, we use cookies to statistically record the usage of our website and evaluate it for the purpose of optimizing our offerings for you. These cookies allow us to automatically recognize that you have visited our site again. These cookies are automatically deleted after a defined time period.

The data processed by cookies is necessary for the mentioned purposes. Most browsers accept cookies automatically. However, you can configure your browser in a way that no cookies are stored on your computer or that you receive a notification before a new cookie is created. However, completely deactivating cookies may result in you not being able to use all the features of our website.

All customer information is stored in a customer relationship management software (CRM) system. The software and data are hosted on a server located in a data center in Switzerland. We have separate data processing agreements with both the provider and all IT service providers involved.

In order to gain insights into the usage of our website and to reach you with advertising on third-party websites or on social media, we utilize common web analytics tools and re-targeting technologies, such as Google Analytics.

These tools are provided by third-party providers. Generally, the information collected for this purpose about the usage of a website is transmitted to the server of the third-party provider through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

Data transmission typically occurs with truncated IP addresses, which prevents the identification of individual devices. Transmission of this information by third-party providers only occurs in accordance with legal requirements or as part of data processing agreements.

7.1.    Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, located in Mountain View, California, USA, with responsibility for Europe assigned to Google Limited Ireland (“Google”). To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=en. Google Analytics uses cookies, which are small text files that enable the storage of specific user-related information on the user’s device. These cookies allow an analysis of the usage of our website by Google. The information collected by the cookie about the usage of our pages (including your IP address) is usually transmitted to a Google server in the USA and stored there.

For data transfers to the USA, Google has committed to signing and adhering to the EU Standard Contractual Clauses.

7.2.    Google Maps

On our website, we use Google Maps (API) provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; with responsibility for Europe assigned to Google Limited Ireland (“Google”)). Google Maps is a web service for displaying interactive (land) maps to visually present geographic information. By using this service, our location is displayed to you and facilitates potential directions. When you access the subpages that include Google Maps, information about your usage of our website (such as your IP address) is transmitted to servers of Google in the USA and stored there. This occurs whether or not you have a Google account and are logged in. If you are logged in to Google, your data is directly associated with your account. If you do not wish for this association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them.

For data transfers to the USA, Google has committed to signing and adhering to the EU Standard Contractual Clauses.

7.3.    Social Media Plugins

On our website, we use social media plugins (“plugins”) provided by third parties. The plugin can be identified by the logo of the respective social network. Through these plugins, we offer you the opportunity to interact with social networks and other users. We use the following plugins on our website: LinkedIn.

When you visit our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plugin (e.g., LinkedIn) is transmitted directly from the respective third-party provider to your browser and integrated into the page.

The data transmission for displaying content (e.g., publications on LinkedIn) occurs regardless of whether you have an account with the third-party provider and are logged in there. If you are logged in to the third-party provider, the data collected by us is also directly associated with your existing account there. When you activate the plugins, the information is also published on the social network and displayed to your contacts. The purpose and scope of data collection and the further processing and use of data by the third-party providers, as well as your related rights and privacy protection settings, can be found in the privacy notices of the third-party providers. The third-party provider stores the data collected about you as usage profiles and uses them for advertising, market research, and/or personalized design of their website. Such evaluation is also carried out for users who are not logged in to display personalized advertising and to inform other users of the social network about your activities on our website. If you wish to prevent the third-party providers from associating the data collected via our website with your personal profile on the respective social network, you must log out of the relevant social network before visiting our website. You can also completely prevent the loading of plugins using specialized add-ons for your browser.

7.4.    Newsletter Tracking

For the purpose of sending and analyzing our newsletters, we use common software tools. These tools allow newsletters to be sent and analyzed. To conduct this analysis, we collect device and access data. The newsletter itself and the web pages accessible through the newsletter are also tracked using cookies.

With the help of these technologies, we receive information about whether the newsletter has been delivered, opened, and which contents have been clicked on. We use this information to improve our newsletter and our offerings.

We only disclose your data to third parties if it is necessary for the provision of our services, if these third parties provide a service for us, if we are legally or administratively obligated to do so (e.g., to authorities, courts, arbitration bodies, law enforcement agencies, supervisory authorities, lawyers, and other parties in potential or actual legal proceedings), or if we have a predominant interest in sharing personal data. An exception to this is the internal sharing with other companies within the TREUREVA GROUP for the purpose of optimizing our activities for you. We will also share personal data with third parties if you have given your consent or requested us to do so.

We carefully select our partners and data processors, ensuring that they have appropriate technical and organizational measures in place in accordance with legal requirements. Our data processors can only process personal data on documented instructions from us.

Not all personal data are transmitted in encrypted form by default. Unless explicitly agreed otherwise with the customer, customer data is transmitted without encryption.

The following categories of recipients may receive personal data from us:

  • Service providers (e.g., IT service providers, hosting providers, suppliers, event organizers, consultants, lawyers, insurers).
  • Third parties in the context of our legal or contractual obligations, authorities, government bodies, courts.

We enter into agreements with service providers that process personal data on our behalf, obligating them to ensure data protection. Our service providers are primarily located in Switzerland or the EU/EEA. Certain personal data may also be transferred to the USA (e.g., Google Analytics data) or in exceptional cases to other countries worldwide. If data transfers to other countries without adequate data protection levels are necessary, they will be based on EU Standard Contractual Clauses (e.g., in the case of Google) or other suitable instruments.

We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or for the purposes pursued with the processing. This means, for example, for the entire duration of the business relationship (from initiation, execution, to termination of a contract) and beyond, in accordance with legal retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be made against our company (especially during the statutory limitation period) and to the extent that we are otherwise legally obligated or have legitimate business interests to do so (e.g. for evidence and documentation purposes). Once your personal data is no longer required for the aforementioned purposes, it will generally be deleted or anonymized to the extent possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These measures include issuing directives, providing training, using IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and controls.

We may use third parties as data processors to collect and process your personal data. The data processors we engage will only process your personal data according to our instructions and are legally obligated to implement strict security measures when handling personal data.

Please be aware that transmitting data over the internet is not entirely secure. While we make every effort to protect your personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at your own risk. For this reason, you are free to transmit your personal data to us through alternative means, such as by phone. Once we receive your data, we apply strict procedures and security measures to prevent unauthorized access.

As part of our contractual relationship, you are required to provide the personal data that is necessary for initiating and conducting a business relationship and fulfilling the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will not be able to enter into a contract with you (or the entity or individual you represent) or fulfill it. The website also cannot be used if certain information required for ensuring data traffic (such as IP address) is not disclosed.

The personal data collected through our website is stored in Switzerland. Additionally, we may transmit, store, and process your personal data at data locations worldwide, for example, where our third-party providers or partners are located. Therefore, we may transfer your personal data outside the European Economic Area (EEA) if it is necessary for the data processing described in this privacy policy and in accordance with applicable law.

When transferring data to countries that do not provide an adequate level of protection, we ensure appropriate data protection measures are in place. These measures include suitable safeguards such as contractual guarantees (based on EU standard contractual clauses), binding corporate rules, data transmission with your explicit consent, the conclusion or fulfillment of a contract with you, or in connection with the establishment, exercise, or enforcement of legal claims.

Please be aware that if you click on a link to a third-party website (such as Google, social media, or other websites), you will be redirected to a website that we do not control, and our privacy policy will no longer apply. Your browsing and interaction on another website are subject to the terms of use and privacy policies of those third-party websites. Additionally, we cannot guarantee the accuracy and currency of these links.

We recommend that you carefully read the terms of use, privacy policies, and notices of other websites before transmitting personal data through those websites. We are not responsible or liable for the information content and data processing of such third-party websites.

In connection with our processing of personal data, you have the following rights:

  • Right to Information: You have the right to request information about the personal data stored about you, the purpose of the processing, the origin of the data, and the categories of recipients to whom the personal data is disclosed.
  • Right to Rectification: If your data is incorrect or incomplete, you have the right to request its correction.
  • Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data.
  • Right to Erasure: You can request the deletion of the processed personal data.
  • Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance.
  • Right to Object: You can object to the processing of personal data or withdraw your consent to the processing of personal data at any time without giving reasons.
  • Right to Lodge a Complaint: If applicable under the law, you have the right to lodge a complaint with a competent supervisory authority.

To exercise these rights, please contact the address provided in section 1 of this privacy policy. However, please note that we reserve the right to invoke legal limitations if required by law, such as mandatory retention or processing of certain data, our overriding interest (if we are entitled to rely on it), or if we need the data for asserting claims. If any costs are incurred for you, we will inform you in advance.

We expressly reserve the right to change this privacy policy at any time. The current version of the privacy policy as published on our website applies.

Last updated: End of August 2023

Zug, August 28th 2023
This translation of the privacy policy is based on the German version. In case of differing interpretations, the German version shall prevail.

CALL US OR
WRITE TO US

GHM Partners AG
Poststrasse 24
Postfach
CH-6302 Zug
T +41 58 255 73 00
F + 41 58 255 73 99
info@ghm-partners.com