Privacy policy of Bratschi Ltd.

1. Overview and scope

To run its business activities Bratschi (hereinafter referred to as «Bratschi», «we» or «us») collects and processes personal data.
Bratschi takes your privacy seriously. This privacy policy provides information on how and for what purposes we process your personal data (hereinafter «you»), which you disclose to us or which we collect from you. This privacy policy is not exhaustive; if necessary, further documents regulate specific, data protection-relevant issues (e.g. the mandate agreement). «Personal data» means all details and information relating to an identified or identifiable natural person.
 

2. Data controller and point of contact
The contact person for any queries you may have regarding data protection is:

Bratschi AG
Bahnhofstrasse 70
Postfach
8021 Zürich

Phone:    +41 58 258 10 00
E-Mail:    dataprotection@bratschi.ch
 

3. Data origin and data categories

On principle, we only process personal data that we receive or collect from our clients (hereinafter referred to as «customers»), interested parties, event participants and website visitors in the course of our business activities. To the extent permitted, we also collect certain data from public sources (e.g. debt collection register, commercial register, media, internet) or receive such data from other companies, public authorities or other third parties. If you provide us with personal data of any third-party, we ask you to ensure that these third-parties are made aware of this privacy policy and that you only share their personal data with us if you have been permitted to do so and if the corresponding personal data is correct.

The personal data or categories of personal data processed by us include, as the case may be, in particular personal and contact data (e.g. name, address, gender, date of birth, telephone number and e-mail address); identification details and background information (e.g. AHV number, signature samples, language); contractual data that we receive or collect in connection with the entering, conclusion and execution of contracts with you (e.g. services you have used or requested and related behavioural and transaction data, financial data for payment purposes such as bank account details); Transaction data (e.g. payment information, details of your payment order and information on the payment recipient resp. the beneficiary and the purpose of a payment); financial data (e.g. information on your assets and their origin, liabilities, income, sales and investments, as well as data relating to your securities and other financial instruments); information related to your professional profile (e.g. job title, position, type of employment); pension data (e.g. retirement assets, lump-sum withdrawals, purchases); tax data (all relevant documents and information, as well as information on religious denomination); information on adult protection measures (e.g. guardianships); Information for the processing of insured events (e.g. information on disability, health, retirement, death, purchase of residential property/real estate); real estate data (e.g. location address, type of property, purchase price, market value, property size, equipment, year of construction, condition, modernizations and other data in connection with the examination and processing of a financing and/or the brokerage of real estate); information for the processing of mortgages (e.g. purchase contract and other contracts, tax returns, salary data, marital status); Communication Data (e.g., content of emails, written correspondence, chat messages, social media posts, comments on websites, phone calls, video conferences, identification and/or marginal data); Documentation Data or data from your contacts with third parties (e.g., minutes of advisory meetings or interviews, memoranda, references); preference and marketing data (e.g., data when you access our website or some of our applications, data related to the marketing of services, such as newsletter subscriptions and unsubscriptions, materials received and specific activities, personal preferences and interests); Public data that can be obtained about you (e.g., land register and commercial register data, data from the media and the press); data in connection with proceedings or investigations by authorities, official agencies, courts, organizations or other bodies; data for compliance with legal requirements, such as in connection with combating money laundering; image and sound recordings (e.g., photos, videos and sound recordings, recordings of video surveillance systems and recordings of telephone and video conference calls) and technical data (e.g., IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).
 

4. Purposes of processing as well as legal grounds

4.1 On principle within the scope of our business activities

We process your personal data primarily for those processing purposes that are necessary in connection with our business activities and the provision of our services. In particular, we process your personal data for the following purposes:

• to communicate with you, in particular to provide you with information or to process your requests.
• to be able to authenticate and identify you, for customer service and customer care;
• for the processing of contracts, namely in connection with the entering, conclusion and processing of contractual relationships. This includes all data processing that is necessary or appropriate in order to conclude, execute and, if necessary, enforce a contract, such as processing in order to decide whether and how (e.g. with which payment options) we enter into a contract with you (including the credit check), in order to provide contractually agreed services, in order to invoice our services and generally for accounting, processing job applications (e.g. managing and evaluating job applications, conducting interviews incl. creating personal profiles, obtaining reference information), to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
• to provide you with our services and our digital offers (e.g. website) and to evaluate and improve them;
• to invite you to events;
• to be able to carry out events to which we invite you;
• to inform you about new legal developments or to send you other information regarding our services;
• for customer care and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns. These may be our own offers or offers from our advertising partners. We may also process your personal data, in some cases automatically, with the aim of evaluating certain personal aspects (profiling) or making a preliminary selection in response to your inquiry about a product or service. We may use profiling in particular to provide you with targeted information about services;
• in connection with accounting, archiving of data and management of our archives;
• for training and education: We may process your personal data to provide internal training and education to our employees;
• when selling receivables, e.g. when we provide the purchaser with information about the reason for and amount of the receivable and, if applicable, the credit rating and behaviour of the debtor;
• for security measures, namely for IT and building security (such as access codes, visitor lists, prevention, defence and clarification of cyber-attacks and malware attacks, network and mail scanners, video surveillance, telephone records), as well as for the prevention and clarification of criminal offenses and other misconduct or conducting internal investigations, protection
  against misuse, evidentiary purposes, data analysis to combat fraud, evaluation of system-side records of the use of our systems (log data);
• in connection with restructurings or other corporate actions (e.g. due diligence, sale of companies, keeping of share registers, etc.);
• for assertion of legal claims and defence in connection with legal disputes as well as administrative proceedings in Switzerland and abroad, including clarification of litigation prospects and other legal, economic and other issues;
• to comply with our legal, regulatory (including self-regulatory) and internal requirements and
  rules in Switzerland and abroad, including compliance with court or administrative orders;
• other purposes: We may process your personal data for other purposes that are necessary to serve our legitimate interests.

We process your personal data for the above-mentioned purposes, depending on the situation, in particular based on the following legal bases:

• the processing of personal data is necessary for the fulfilment of a contract with you or precontractual measures;
• you have given your consent to the processing of personal data concerning you;
• the processing of personal data is necessary for the fulfilment of a legal obligation;
• the processing is necessary to protect the vital interests of the data subject or another natural
  person; or
• we have a legitimate interest in processing the personal data, and our legitimate interests may include, in particular, the following interests: providing good customer service, maintaining contact and communicating with customers outside of a contract; in advertising and marketing activities; in improving services and developing new ones; in combating fraud; in protecting customers, employees and others, as well as our data, trade secrets and assets; in ensuring adequate security (both physical and digital); ensuring and organizing business operations, including the operation and development of websites and other systems; managing and developing our business; selling or buying companies, parts of companies and other assets; enforcing or defending legal claims; complying with Swiss and foreign law and other rules applicable to us. 

4.2 While accessing our website

Our website collects a series of user information with each access, which is stored in the log files of the server. The information collected includes, among other things, the IP address, the date and time of access, the time zone difference to the GMT time zone, the name and URL of the file accessed, the website from which access is made, the browser and the operating system used. The collection of this information or data is technically necessary to display our website to you and to ensure its stability and security. This information is also collected to improve the website and analyse its use.

4.3 Newsletter

If you subscribe to our bratschiLETTER, our bratschiBLOG or our bratschiNEWS (hereinafter collectively referred to as «newsletter»), we use your e-mail address and other contact data to send you the newsletter. The newsletter is sent using the dispatch service provider MailChimp, a newsletter dispatch platform of The Rocket Science Group LLC d/b/a Mailchimp, Atlanta, USA. The privacy policy and further information for MailChimp can be found here: https://mailchimp.com/de/gdpr/ and https://www.intuit.com/privacy/statement/.

You can subscribe to our newsletter with your consent. Mandatory data for the transmission of the newsletter are your full name and your e-mail address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter, by e-mail to dataprotection@bratschi.ch or by sending a message to the contact details provided in the imprint.

4.4 E-mail, telephone calls and video conferences

You can contact us via the e-mail address and telephone number provided. The personal data you provide to us will be stored and processed by us for the purpose of fulfilling your request. The legal basis for this personal data processing is your consent and our legitimate interest in processing your request. 

If you contact us by e-mail, you authorize us to reply to you via the same channel. Please note that unencrypted e-mails are transmitted via the open Internet, which is why it being viewed, accessed and/or manipulated by third parties cannot be ruled out. We exclude – to extend permitted by applicable law – any liability which you may incur in particular as a result of faulty transmission, falsification of content or disruption of the network (interruptions, overload, illegal interventions, blocking). 

Telephone and video conference calls with us may be recorded, whereas you will be informed of any recording at the beginning of each call. If you do not want us to record such conversations, you can terminate the conversation at any time and contact us by other means (e.g. by e-mail or post).

4.5 Contact form

You can contact us via the contact form provided on our website. Mandatory information for the use of the contact form is the entry of your name, e-mail address and zip code / city and subject. The personal data you send us will be stored and processed by us for the purpose of dealing with your inquiry. The legal basis for this personal data processing is your consent and our legitimate interest in processing your request.

4.6 Cookies

Our website may use so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system of the user or a mobile device. The cookie contains a characteristic string of characters that enables unique identification of the browser or mobile device when the website is called up again. 

The purpose of the use of cookies is on the one hand to enable and simplify the use of our website for you. Some functions of our website cannot be offered without the use of cookies (so-called technically necessary cookies). On the other hand, we also use cookies/tools for the analysis of user behaviour on our website, namely for range measurement, and finally also for marketing purposes.

4.6.1 Technically necessary cookies

Technically necessary cookies are required for our website to function properly. Therefore, these cookies cannot be switched off in our systems. They usually record important actions, such as the number of requests made, editing your data protection settings or filling out forms. Although you can block these cookies in your browser, some parts of our website may then no longer function. The legal basis for data processing when using technically necessary cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.

4.6.2 Analytical and marketing cookies

Analytical cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our website and improve the user experience. They help us identify how popular which pages are and show how visitors move around our website. 

Marketing cookies allow us to deliver advertising that is relevant to you. These cookies can remember that you have visited our website and share this information with other companies, including other advertisers.

Specifically, we use the following analytics and marketing cookies:

• Matomo Analytics. The privacy policy for Matomo Analytics can be found here:
  https://matomo.org/privacy-policy/.

You can object to the use of cookies, for example (i) by selecting the appropriate settings in your browser or (ii) by using appropriate cookie blocker software (e.g. ghostery etc.).

4.7 Social Media Plug-ins

We use the social media plug-ins contained in the following table on our website. We use the socalled two-click solution, whereby no personal data is initially passed on to the providers of the plug-ins when you visit our website. Only when you click on the marked plug-in field and thereby activate it, the plug-in provider receives the information that you have accessed our website. In addition, the data mentioned in section 4.2 of this declaration will be transmitted. The legal basis for processing your data in connection with social media plug-ins is our legitimate interest in enabling our users to use the social media plug-ins. 

We have no influence on the collected data and data processing procedures of the plug-in providers. These are subject to the respective data protection declarations of the third-party providers. For further information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the privacy statements of these providers provided below.

LinkedIn: LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy

XING: New Work SE: https://privacy.xing.com/de/datenschutzerklaerung

4.8 Job applications

You can submit your application for a position with us by post or e-mail. The application documents and all personal data disclosed to us in this way will be treated as strictly confidential, will not be disclosed to any third-parties and will only be processed for the purpose of handling your application for employment with us. Unless you have given your consent to the contrary, your application file will either be returned to you or deleted/destroyed after completion of the application process, unless it is subject to a legal obligation to retain it. The legal basis for processing your data is your consent, the fulfilment of the contract with you and our legitimate interests. 
 

5. Disclosure of personal data to recipients and abroad

5.1 Disclosure of personal data to recipients

In addition to the data transfers to recipients expressly mentioned in this privacy policy, we may disclose personal data to the following categories of recipients, to the extent permitted:

• providers to whom we have outsourced certain services (e.g. IT and hosting providers, external accounting, collection services, photographers, banks, etc.) as well as other suppliers and subcontractors;
• third parties who collect data about you via websites;
• authorised representatives;
• insurance, social security;
• Credit rating agencies, which store this data for credit ratings;
• Prospective buyers or investors in the event of restructuring or other corporate actions;
• Auditors;
• (Counter)Parties in potential or actual legal proceedings or litigation;
• domestic and foreign authorities, administrative bodies or courts.

5.2 Data transfer to other countries

In principle, your personal data is processed in Switzerland. However, in certain cases (e.g. when using certain service providers or certain software applications), your personal data may also be transferred abroad, primarily to member states of the European Union and the EEA, but also in some cases to other countries worldwide, in particular to New Zealand (mainly in connection with
cookies).

If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract performance, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law and foreign laws as well as official orders may require the transfer of this data to authorities and other third parties.
 

6. How long do we store your data?

We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal (e.g. legal retention periods), or contractual requirements. We retain personal data that we store on the basis of a contractual relationship with you during the length of time the contractual relationship exists and potential legal claims may be made or contractual retention obligations exist. As soon as your personal data is no longer required for any of the above-mentioned purposes, it will be set on passive, deleted or anonymized as far as possible.
 

7. Your rights

Within the scope of the data protection law applicable to you and insofar as provided therein, you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the release of certain personal data for the purpose of transfer to another location (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If you incur costs, we will inform you in advance. 

Where we process your data on the basis of your consent, you can revoke your consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. 

The exercise of such rights generally requires that you positively prove your identity (e.g. by means of a copy of your ID or passport, if your identity is otherwise not clear or cannot be verified). To exercise your rights, you may contact us at the addresses given in Section 2 of this data protection declaration (by post or e-mail). 

In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
 

8. Data security

We take appropriate security measures of a technical and organizational nature to safeguard the security of your personal data, namely to protect it against unauthorized or unlawful processing and to protect it against the risk of loss, accidental alteration, unauthorized disclosure or access. Like all companies, however, we cannot exclude the possibility of data breaches with absolute certainty, because certain residual risks are unavoidable. As part of our security measures, we use firewalls, logging and encryption in particular, have authorization concepts and have implemented other protective measures to ensure the most complete possible protection of personal data.
 

9. Updates to this privacy policy

We expressly reserve the right to amend this privacy policy at any time. If such amendments are made, we will immediately publish the amended privacy policy on our website. The data protection policy published on our website is valid in each case.