Privacy Policy.
1. Who we are
Copartner Revision AG is a company that provides accounting, tax, and auditing services.
Our range of services includes, among other things:
- Auditing (ordinary and limited audits, other statutory audits for incorporations, capital increases and reductions, audits of pension funds and foundations, etc.)
- Business and management consulting (company valuations, due diligence, preparation of business plans, restructurings, mergers, turnarounds, interim management, board functions, family offices, granting of domicile, organisational administrations, etc.)
- Accounting and tax services (accounting, VAT & reporting, tax consulting and planning, payroll accounting, etc.)
2. Gundamentals of Data Processing
This privacy policy describes how we process personal data, in particular what personal data we collect and for what purpose. It also governs data transfers, retention periods, and your rights.
Personal data (hereinafter referred to as data) means any information relating to an identified or identifiable person. The term "data processing" is to be understood situationally and encompasses any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, use, alteration, disclosure, archiving or destruction of data.
We collect and process data to fulfil our business responsibilities, within the legally and contractually regulated framework. The collection, processing, and use of data are subject to applicable Swiss law (Federal Act of 25 September 2022 on Data Protection) and, where applicable, European legal provisions (EU General Data Protection Regulation (GDPR)).
We collect personal data transparently and in accordance with the principles of proportionality and purpose limitation. The data is processed only to the extent and for as long as is necessary for our tasks and obligations.
3. Purpose of collecting and processing personal data
We process the data necessary to ensure that our services are permanently, securely, and reliably available. This includes, in particular:
- Handling and managing contractual relationships with customers, employees, suppliers, etc.;
- Maintaining contact and communication in connection with the provision of services;
- Operation of the website;
- Ensuring safety, fulfilling legal obligations, and enforcing claims;
- Sending invitations and conducting events and webinars;
- Marketing campaigns and sending of newsletters;
- Statistical surveys/analyses.
4. What personal data do we process?
4.1 General contact information and basic data
Depending on the purpose of data processing, customer segment and service areas, we collect different types of personal data, including potentially sensitive personal data.
We process at least the following personal data from all contact, dialogue and contractual partners as well as customers:
- Last name, first name, email address and, if applicable, gender, address, telephone numbers, title, date of birth, marital status, nationality, occupation, employer information, social security number;
- Email and written correspondence (post).
In addition, depending on the purpose of the data processing, customer segment and service area, we collect and process additional data as described in the following sections :
4.2 Data on mandate processing
For the provision and administration of our mandates and for communication with our clients, we process the following personal data:
- General contact and basic data according to section 4.1;
- For companies:
- Legal form, share capital and paid-up capital, year of foundation of the company, external auditor, domestic and foreign sales, annual sales per business area, registration number;
- Branch offices: Location of the branch office, company name, address, telephone, internet, email, correspondence language;
- Information on staffing levels: departments, number of employees or managers, percentage of full-time equivalent positions;
- Financial information:
- Risk assessment data:
- Debt enforcement register extracts;
- Management and control of the company:
- Information about the natural persons involved in the company/shareholders and members of the management: last and first name(s), year of birth, nationality, address, contact details, function, share of voting rights, information about their activities in the company;
- Information on the companies and foundations involved in the company: company name, registered office, business area, level of participation;
- Contact person details: Last and first name, date of birth, email address and telephone numbers;
- Information on the employment of responsible persons at third-party companies and, where applicable, last and first name, company, industry, function and employment level;
- Information on the ownership structure
- Payment information;
- Mandate data such as:
- Statutes, minutes, contracts;
- Employee data (salary, social security, employment contracts);
- Accounting and tax information;
- Particularly sensitive personal data such as data relating to health, religion, receipt of social assistance, debt collection proceedings or bankruptcies.
This data is processed primarily in connection with services in the areas of auditing, consulting, taxes, payroll processing, or accounting. This mainly concerns data from our clients. However, it may also relate to third parties, such as employees, contacts, or individuals who have a (contractual) partnership with our clients. Our clients may therefore refer to this privacy policy, but must also take their own measures to comply with data protection legislation.
Data processing serves the purpose of executing and managing mandates, credit checks, avoiding conflicts of interest, and quality assurance. It also fulfils legal and contractual requirements.
The data is usually communicated and provided directly by the clients. Depending on the nature and scope of the mandate, it may also originate from authorities, courts, or third parties. In some cases, data may also be collected directly from the employers of the individuals concerned.
4.3 Data related to inquiries via email and telephone
When you contact us by email or telephone, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of handling your request.
This data is processed either in connection with fulfilling a contract or for carrying out pre-contractual measures. In all other cases, processing is based on your consent and/or our legitimate interests, as we have a legitimate interest in the efficient processing of inquiries addressed to us.
The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions, in particular, statutory retention periods, remain unaffected.
4.4 Data for mailings and newsletters
For the purpose of sending information about events, publications, etc. (marketing purposes) and for sending newsletters, we process the following personal data:
- General contact and basic data as described in section 4.1;
This data is necessary to provide the service, communicate, and maintain our customer base. To improve our services, information related to marketing, mailings, and newsletters is also statistically analysed. You can object to the use of your personal data for marketing purposes at any time or unsubscribe from the newsletter.
4.5 Data for the organisation and execution of events
The following personal data is processed for the organisation and execution of events:
- General contact and basic data as described in section 4.1;
- Information about the employer (such as company, address, email address), participants and speakers;
- Information about participation in the training course;
- Payment information;
- Possibly images or videos.
Your first and last name, address (if applicable), email address, and employer may be disclosed to other participants. You may also be photographed or filmed at events.
This data will be processed for the purpose of organising the event, as well as for networking and marketing. We require the images for internal event documentation, inclusion in newsletters or on our website and social media channels, report creation, and, if necessary, to inform our members about the event. Participants may inform the photographer before or during the photo shoot that they do not wish to appear in the images.
4.6 Data related to direct communication (telephone, email, chat, online meetings, video conferences and/or webinars etc.)
The online meetings, video conferences, and/or webinars we organise are primarily conducted using Microsoft Teams, Zoom, Skype, etc. For direct communication via telephone, email, collaboration tools, or chat, our respective service providers and we may process the following personal data, as necessary:
- General contact and basic data as described in section 4.1;
- Other personal data contained in email communication;
- Communication data such as IP address, time and duration of communication;
- Recordings of the video conference, if necessary.
We process this personal data to provide and improve our services for our customers and other interested third parties.
4.7 Data on personnel
The following data is processed for employee administration purposes:
- General contact and basic data according to section 4.1;
- Social security details/AHV number;
- Information about children;
- Employment contract details such as start date, job title, salary, and employment contract;
- Application information such as cover letter, CV, work certificates, diplomas, evaluation of job interviews, assessments, and reference checks;
- Financial information and bank details;
- For employees subject to withholding tax: religious affiliation, foreign national ID card, information on other employment, substitute income and partner information;
- Information on periodic performance reviews;
- Time and vacation tracking;
- Information about illnesses, accidents, maternity or paternity leave, military or civil defence;
- Criminal record and/or debt enforcement register extracts.
Application documents that do not lead to employment will be deleted or destroyed after the application process is complete, unless we receive consent to retain them.
The data serves to ensure correct processing in human resources, the fulfilment of the contractual relationship (employment contract), and is mainly submitted by the employees.
4.8 Suppliers and other contractual partners
We process the following personal data of business partners who provide services or deliveries for us:
- General contact and basic data according to section 4.1;
- Financial information, such as bank details
- Information contained in the contract (such as data about the responsible employees, consultants, information about the service provided, etc.);
We process this data in fulfilment of a contract and in accordance with the statutory retention periods under commercial and tax law. If our contractual partners (e.g., IT companies) have access to our personal data in fulfilment of their orders, we conclude a corresponding data processing agreement (DPA) with them.
4.9 Operation, monitoring and improvement of the website and other electronic channels
4.9.1 Server-Logfiles
Our website is hosted by Cyon GmbH on servers in Basel, Switzerland. In close cooperation with our hosting provider, we strive to protect the databases as effectively as possible against unauthorised access, loss, misuse, or falsification. When you access our website, the following data is stored in log files: IP address, date, time, browser request, and general information about the operating system and/or browser. This usage data forms the basis for anonymous statistical analyses, allowing us to identify trends and improve our services accordingly.
4.9.2 Cookies
These websites sometimes use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files stored on your computer by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit ends. Other cookies remain stored on your device until you delete them. These cookies allow us to recognise your browser on your next visit.
You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to accept cookies in certain cases or to generally reject them, and to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.
We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) we use, as well as the associated consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/rcb/datenverarbeitung.
The legal basis for processing personal data in this context is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
Providing your personal data is neither contractually required nor necessary for entering into a contract. You are not obligated to provide your personal data. If you do not provide your personal data, we will be unable to manage your consent.
4.9.3 SSL- or TLS-Verschlüsselung
This site uses SSL/TLS encryption to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser's address bar.
When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.
4.10 Ensuring safety, fulfilling legal obligations, enforcing claims
We may process the aforementioned personal data to ensure security and, if necessary, to enforce your rights, and may also disclose it to third parties, such as courts or authorities.
5. Data collection, retention period, security measures
5.1Data collection
We generally receive the personal data mentioned in point 4 directly from you when you use one of our services. In some cases, data may also be collected directly from the employers of the individuals concerned.
In the case of mandates, the data may also originate from authorities, courts or third parties, depending on the type and scope of the mandate.
We also obtain publicly available information from the media and the internet, insofar as this is appropriate in the specific case (e.g., in the context of an application, when selecting lecturers and speakers), as well as data on website use (see section 4.9).
5.2 Storage period
We retain personal data for as long as it is needed for the purpose for which it was collected, or for as long as we are obligated to do so by applicable laws, regulations, or contractual agreements, and as long as we have an overriding legitimate interest in retaining it. After that, the data is deleted.
5.3 Data security
We take appropriate technical and organisational security measures to protect personal data from unauthorised access and misuse. These include IT and network security solutions, access restrictions, encryption of data storage and transmissions, instructions, training, and controls.
The data is stored in the applications and software we use. Generally, the data is stored on servers in Switzerland. If data is stored abroad (Teams, Microsoft 365, etc.), the rules in section 6 apply.
If third parties have access to our data, special measures will be implemented as set out in the data processing agreement (see section 6).
To facilitate and expedite order processing, information and data can also be exchanged electronically. However, it is understood that data transmitted via the internet is not reliably protected against unauthorised access, may be lost, transmitted with delay, or infected with viruses. Agreements regarding encryption techniques and similar measures can be made separately upon request.
6. Data sharing and data transfer
We may disclose personal data to third parties if you have given your consent, or if this is necessary for the provision of the respective service, the fulfilment of the contractual purpose, or the protection of our legitimate interests, or if we are legally obligated to do so.
The following categories of recipients may receive personal data from us:
- Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies, etc.);
- Third parties within the scope of our legal or contractual obligations, authorities (such as the auditing supervisory authority, tax authorities, etc.), government institutions, and courts.
The third parties we commission are contractually obligated to comply with data protection regulations and to process the data only for the purpose specified by us.
Our service providers are primarily located in Switzerland or the EU/EEA. Certain personal data may also be transferred to the USA (e.g., Microsoft 365 data). Should a data transfer to a country that does not have an adequate level of data protection be necessary, this will be carried out on the basis of standard contractual clauses (e.g., in the case of Microsoft) or other suitable safeguards.
The information you provided may also be anonymised and passed on to third parties for statistical evaluation purposes.
7. Your rights
Every person has the right to request information about the data processed concerning them, including its origin, recipients, and the purpose of its collection and processing. Furthermore, you have the right to request the correction, blocking, deletion, or transfer of your data.
Data that must be retained due to legal requirements or is necessary for business transactions cannot be deleted. If your data is not subject to a legal archiving obligation or to our overriding legitimate interest in retention, we will delete it at your request. If an archiving obligation applies, we will restrict access to your data.
Furthermore, you can assert your claims in court or file a complaint with the competent data protection authority (FDPIC).
8. Final Provisions
8.1 Responsible body and contact
We are responsible for data processing in accordance with this privacy policy unless otherwise stipulated.
General inquiries regarding data protection can be sent to us by post or email:
Copartner Revision AG
St. Alban-Anlage 46
CH-4052 Basel
E-Mail: info@copartner.ch
For questions concerning a specific person, requests for correction or deletion, a copy of the ID or passport must also be included to identify the user.
8.2 Changes to the Privacy Policy
We may amend our privacy policy at any time by publishing it on the website. This privacy policy was last updated on September 1, 2023.
