Privacy Policy

In this Privacy Policy, we, Hirzel.Neef.Schmid.Konsulenten AG (hereinafter referred to as HNS, we or us), explain how we collect and otherwise process personal data. This Privacy Policy is not an exhaustive description; other statements relating to data protection may govern specific circumstances. For the purposes of this Privacy Policy, personal data means all information relating to an identified or identifiable person.

If you provide us with personal data of other people (e.g. family members, data of colleagues), please ensure that they are familiar with this Privacy Policy and only provide us with their personal data if you are permitted to do so and if the personal data is correct.

This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“FADP”) and the revised Swiss Data Protection Act (“revFADP”). However, whether and to what extent these laws are applicable depends on the individual case.

 

1.  Data Controller/Data Protection Officer

HNS is responsible for the data processing described here. Data privacy concerns or enquiries in connection with this policy can be addressed to HNS’s Data Protection Officer using the following contact details:

Hirzel.Neef.Schmid.Konsulenten AG
Data Protection Officer
Kirchenweg 8
8008 Zurich, Switzerland

datenschutz@konsulenten.ch

 

2.  Collection and processing of personal data

We primarily process personal data that we receive from our customers and other business partners in connection with our business relationship with them and other parties involved with them or that we collect from users during the use of our website and other applications. Where permitted, we also collect some data from publicly accessible sources (e.g. the debt enforcement register, land registers, the commercial register, press, internet) or receive such data from other companies, public authorities and other third parties. In addition to your data that you provide to us directly, the categories of personal data that we receive about you from third parties include:

• in particular, information from public registers, information that we obtain in connection with official and judicial proceedings,
• information relating to your professional functions and activities (e.g. so that we can conclude and process transactions with your employer with your help),
• information about you in correspondence and meetings with third parties, credit checks (insofar as we conduct business with you personally),
• information about you provided to us by persons connected to you (family, advisors, legal representatives, etc.) so that we can enter into or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney),
• information on compliance with legal requirements such as combating money laundering and export restrictions, information from banks, insurance companies, distributors and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made),
• information about you from media and the internet (insofar as this is appropriate in the specific case, e.g. in connection with an application, press review, marketing/sales, etc.),
• your addresses and potentially your interests and other sociodemographic data (for marketing), data relating to your use of the website (such as IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content accessed, functions used, referring website, location information).

 

3. Purpose of data processing and legal basis

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of advising our customers and purchasing products and services from our suppliers and subcontractors, as well as to comply with our legal obligations in Switzerland and abroad. If you work for such a customer or business partner, your personal data may of course also be affected in this capacity.

In addition, where permitted and deemed appropriate to us, we also process your personal data and that of other persons for the following purposes in which we (and sometimes also third parties) have a corresponding legitimate interest:

• offering and developing our offers, services and websites, apps and other platforms on which we are present;
• communicating with third parties and processing their enquiries (such as applications, media enquiries);
• reviewing and optimising procedures for needs analyses for direct customer contact as well as collecting personal data from publicly accessible sources for the purpose of customer acquisition;
• advertising and marketing (including hosting events) unless you have objected to the use of your data. If we send you advertising from us as an existing customer, you can object to this at any time and we will then stop contacting you for the purposes of advertising;
• market and opinion research, media monitoring;
• asserting legal claims and defence in relation to legal disputes and administrative proceedings;
• preventing and investigating criminal offences and other misconduct (e.g. conducting internal investigations, analysing data to combat fraud);
• guarantees of our operations, especially IT, our websites, apps and other platforms;
• video surveillance to safeguard domiciliary rights and other measures in the interests of IT, building and system security and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);

If you have consented to the processing of your personal data for specific purposes (e.g. when subscribing to newsletters or if a background check is performed), we will process your personal data within the framework of and based on this consent, unless we have another legal basis and require consent to this effect. Consent that has been granted can be revoked at any time, although this has no effect on data processing that has already taken place.

No automated decisions and profiles: HNS does not use the personal data it collects from you to make decisions solely based on automated processing, and HNS does not automatically process your personal data for the purpose of evaluating certain personal aspects (profiling).

 

4.  Cookies

This website uses cookies and similar technologies to identify your browser or device. Cookies are small text files that are saved on your end device on a permanent or temporary basis when you visit this website. The main purposes of our use of cookies are to analyse the use of this website for statistical analysis and to make continuous improvements in order to make the user experience more efficient. You can deactivate cookies in whole or in part at any time in your browser settings.

For more information, please refer to our Cookie Policy https://konsulenten.ch/de-ch/hirzel-neef-schmid-konsulenten.html#cookie-richtlinie.

 

5.  Analytics/statistics

We do not use any analytics tools on our website.

 

6.  Data forwarding and data transfer abroad

Within the scope of our business activities and the purposes set out in Section 3, we also disclose data to third parties, to the extent permitted and deemed appropriate by us, either because they process this data on our behalf or because they wish to use it for their own purposes. This concerns the following in particular:

• service providers of ours (e.g. banks, insurance companies), including order handlers (e.g. IT providers);
• merchants, suppliers, subcontractors, auxiliary persons (such as, in particular, lawyers, law firms and experts used in Switzerland and abroad) and other business partners; customers, clients and companies affiliated with them and their counterparties in Switzerland and abroad; domestic and foreign authorities, official bodies or courts as well as courts of arbitration;
• media, the public, including visitors to websites and social media;
• competitors, industry organisations, associations, organisations and other bodies;
• any counterparties or interested parties in connection with transactions under company law;
• other parties in possible or actual legal proceedings;
• other HNS companies; all joint recipients.

Some of these recipients are located in Switzerland, although they may be located in any countries around the globe. In particular, the data may be transferred to countries in which our clients, their affiliated companies, counterparties or business partners, the service providers or experts involved are present or in which our clients and their group companies have been involved in proceedings.

Typically, HNS hardly collects any particularly sensitive data in accordance with the Data Protection Act (Art. 3 lit. c). This includes data on health, political opinions, religious or ideological beliefs, trade union membership, genetic data, biometric data for the unique identification of a natural person, as well as data on criminal convictions and offences. Should they be collected, they would only be passed on with express consent.

HNS does not sell personal data to third parties.

 

7.  Duration of the retention of personal data

We process and store your personal data for as long as this is necessary for the fulfilment of our contractual and legal obligations or as is otherwise necessary for the purposes pursued through its processing, i.e. for the duration of the entire business relationship (from its initiation and execution through to contract termination) and furthermore in accordance with statutory safekeeping and documentation obligations. Within this context, it may be that your personal data is stored for the period in which claims may be asserted against our company and insofar as we are otherwise legally obliged to do so or this is required by legitimate business interests (e.g. for evidential or documentation purposes). As soon as your personal data is no longer needed for the above purposes, it will always be deleted or anonymised as far as possible. As a basic principle, the shorter retention periods of twelve months or less apply to operational data (e.g. system protocols, logs).

 

8.  Data security

We take appropriate technical and organisational security precautions to protect your personal data against unauthorised access and misuse.

 

9.  Obligation to provide personal data

As part of our business relationship, you must provide the personal data required to enter into and conduct a business relationship and to fulfil associated contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this data, we will generally not be able to conclude or process a contract with you (or the body or person that you represent). What is more, the website cannot be used if certain information required to safeguard data traffic (such as the IP address) is not disclosed.

 

10.  Rights of the data subject

Within the context of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right of access, rectification, erasure, the right to limit data processing and otherwise to object to our data processing and to the surrender of certain personal data for the purpose of transferring this to another body (“data portability”). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to refer to this) or if we need this data in order to assert claims. If you incur any costs, we will inform you in advance. We informed you in Section 3 that you are entitled to withdraw your consent. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as the early termination of the contract or cost implications. We will inform you in advance if this is not already contractually regulated.

The exercise of such rights usually requires that you clearly prove your identity (e.g. by producing a copy of your identity card where your identity is otherwise not clear or cannot be verified). In order to assert your rights, you may contact us at the address provided in Section 1.

Data subjects can also assert their rights in court and have the right to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

 

11. Changes

We may amend this Privacy Policy at any time without advance notice. The version currently published on our website shall apply.