In this Data Protection Declaration, we, ABT Treuhandgesellschaft AG (hereafter ABT, we or us), describe how we collect and process personal data. This Data Protection Declaration is not an exhaustive description; other declarations relating to data protection may regulate specific matters. For the purposes of this Data Protection Declaration, personal data means any information relating to an identified or identifiable individual.

This Data Protection Declaration is designed to meet the requirements of the Federal Act on Data Protection (“FADP”) and the EU General Data Protection Regulation (“GDPR”). However, whether and to what extent these laws are applicable depends on the individual case.

1. Responsible body and contact 

   ABT Treuhandgesellschaft AG is responsible for the data processing described here, unless otherwise stated in individual cases. Data protection enquiries can be sent to us by letter or e-mail, enclosing a copy of the user’s ID or passport for identification purposes:

   ABT Treuhandgesellschaft AG
   Seestrasse 352
   8038 Zurich
   +41 (0)44 711 90 90
   abt@abt.ch

   Representative in the EU:

2. Overview of the purposes for which we process personal data

   We process personal data particularly in the following processing categories:

   • When we perform or have performed services for our customer
   • Personal data that we have received indirectly from our customers in the course of providing services
   • When visiting our website
   • When attending an event organised by us
   • When we communicate or a visit takes place
   • In the case of other contractual relationships with business partners, e.g. with suppliers, service providers or consultants and the persons involved in them
   • In case of applications
   • If we are required to do so for legal or regulatory reasons
   • When we are carrying out our due diligence or other legitimate interests, for example to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights

   More detailed information can be found in the description of the respective processing categories in Point 4.

3. Overview of the categories of personal data

   The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people who have a relationship with you. Under certain circumstances, this information may also be particularly sensitive personal data.

   In particular, we collect the following categories of personal data, depending on the purpose for which we process them:

   • Contact information
   • Customer information
   • Risk assessment data
   • Financial information
   • Mandate data, depending on the assignment
   • Website data
   • Application data
   • Marketing information
   • Security and network data

   More detailed information can be found in the description of the respective processing categories in Point 4.

   To the extent permitted, we also take certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from our customers and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, e.g. conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, credit information, information about you given to us by people close to you (family, advisors, legal representatives etc.) to enable us to enter into or perform contracts with you or involving you (e.g. references, your address for mailing, powers of attorney), information to comply with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made), information from the media and internet about you (where this is appropriate in the specific case, e.g. to comply with legal requirements such as combating money laundering etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, language, referring website, location details).

4. Purposes of data processing and legal basis
   4.1. Provision of services

   We primarily process the personal data that we receive from our customers and other business partners in the course of our customer relationships and other contractual relationships with them and other persons involved in them.

   The personal data of our customers is in particular the following information:

   • Contact information (e.g. last name, first name, address, telephone number, e-mail, other contact information)
   • Personal information (e.g. date of birth, nationality, gender, marital status, profession, title, job title, passport/ID number, national insurance number, permit status, family circumstances)
   • Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialised databases, data from the internet)
   • Financial information (e.g. data on bank accounts and statements, investments or shareholdings, beneficial ownership)
   • Mandate data, depending on the assignment, e.g. tax information (such as income and assets), articles of association, minutes, deeds, judgements, decrees, projects, contracts, employee data (such as salary, employment contract, social insurance, authorisation status, medical certificates, job references, diplomas, extracts from personnel files), accounting data (such as vouchers, annual accounts), ownership structure
   • Personal data requiring special protection: These personal data may also include personal data requiring special protection, such as data on health, religious beliefs, administrative and criminal prosecution or sanctions, as well as social assistance measures. This is particularly the case when we provide services in the area of payroll processing, accounting or processing of tax returns

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (e.g. consulting, tax declaration, bookkeeping, payroll accounting and personnel administration as well as other fiduciary services)
   • Fulfilment of a legal obligation (e.g. if we perform our duties as a financial intermediary or are obliged to disclose information)
   • Safeguarding legitimate interests, (e.g. for administrative purposes, to improve our quality, ensure safety, manage risk, enforce our rights, defend ourselves against claims or to check for possible conflicts of interest)
   • Consent (e.g. to send you marketing information)

   4.2. Indirect data processing from service provision

   When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contacts, family members or persons who have a relationship with the customers or data subjects for other reasons. We need this personal data to fulfil contracts with our customers. We receive this personal data from our customers or from third parties commissioned by our customers. Third parties whose information we process for this purpose are informed by our customers that we are processing their data. Our customers can refer to this Data Protection Declaration for this purpose.

   The personal data of the persons who have a relationship with our customers is in particular the following information:

   • Contact information (e.g. last name, first name, address, telephone number, e-mail, other contact information, marketing data)
   • Personal information (e.g. date of birth, nationality, gender, marital status, profession, title, job title, passport/ID number, national insurance number, permit status, family circumstances)
   • Financial information (e.g. data on bank accounts and statements, investments or shareholdings, beneficial ownership)
   • Mandate data, depending on the assignment, e.g. tax information (such as income and assets), articles of association, minutes, deeds, judgements, decrees, projects, contracts, employee data (such as salary, employment contract, social insurance, authorisation status, employer’s references, medical certificates, employer’s references, diplomas, extracts from personnel files), accounting data (such as receipts, annual accounts). Ownership structure
   • Personal data requiring special protection: These personal data may also include personal data requiring special protection, such as data on health, religious beliefs, administrative and criminal prosecution or sanctions, as well as social assistance measures. This is particularly the case when we provide services in the area of payroll processing, accounting or processing of tax returns

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Conclusion or execution of a contract (e.g. when we perform our contractual obligations)
   • Fulfilment of a legal obligation (e.g. if we perform our duties as a financial intermediary or are obliged to disclose information)
   • Safeguarding legitimate interests, in particular our interest in providing optimum service to our customers

   4.3. Use of our website

   No personal data need to be disclosed in order to use our website. However, the server collects a series of user information with each call, which is temporarily stored in the server’s log files.

   When using this general information, no allocation to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyse its use.

   This is in particular the following information: 

   • Technical information automatically transmitted to us or our service providers, information on user behaviour or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, click on links, etc.)

   We process this data for the purposes described above on the basis of the following legal foundations:

   • Safeguarding legitimate interests, (e.g. for administrative purposes, to improve our quality, analyse data or publicise our services)
   • Consent (e.g. to the use of cookies)

   4.4. Participation in events

   If you participate in an event organised by us, we collect personal data in order to organise and hold the event and, if necessary, to send you additional information afterwards. We also use your data to inform you about other events. You may be photographed or filmed by us at these events and we may publish this footage internally or externally.

   This is in particular the following information:

   • Contact information (e.g. last name, first name, address, telephone number, e-mail)
   • Personal information (e.g. profession, function, title, employer company, eating habits)
   • Pictures or videos
   • Contents of presentations, discussions and similar
   • Payment information (e.g. bank details)

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Fulfilment of a contractual obligation with the data subject or for the benefit of the data subject, incl. contract initiation and possible enforcement (enabling participation in the event)
   • Safeguarding legitimate interests (e.g. holding events, disseminating information about our event, providing services, efficient organisation)
   • Consent (e.g. to create visual material)

   4.5. Direct communication and visits

   If you contact us (e.g. via telephone, e-mail or chat) or if we contact you, we process the personal data required for this purpose. We also process this personal data when you visit us. In this case, you may need to leave your contact details before your visit or at the reception. We keep these for a certain period of time to protect our infrastructure and information.

   In particular, we process the following information:

   • Contact information (e.g. last name, first name, address, telephone number, e-mail)
   • Basic data on communication (e.g. IP address, duration of communication, communication channel)
   • Recording of conversations (e.g. video conferences)
   • Other information uploaded, provided or created by the user during the use of the video conferencing service and meta data used for the maintenance of the service provided.
   • Personal information (e.g. profession, function, title, employer company)
   • Time, reason for the visit and content of the communication

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Fulfilment of a contractual obligation with the data subject or for the benefit of the data subject, incl. contract initiation and possible enforcement (rendering of a service)
   • Safeguarding legitimate interests (e.g. security, traceability as well as processing and administration of customer relationships)
   • Consent (e.g. recording of conversations)

   4.6. Applications

    You can submit your application for a position with us by post or via the e-mail address given on our website or send us a spontaneous application. The application documents and all personal data disclosed to us in this way will be treated as strictly confidential, will not be disclosed to any third party and will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it.

   In particular, we process the following information:

   • Contact information (e.g. last name, first name, address, telephone number, e-mail)
   • Personal information (e.g. profession, function, title, employer company)
   • Application documents (e.g. letter of motivation, certificates, diplomas, CV)
   • Assessment information (e.g. evaluation of personnel consultants, reference information, assessments)

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Safeguarding legitimate interests (e.g. hiring new employees)
   • Consent
   • Conclusion or performance of a contract with the data subject or for the benefit of the data subject, incl. contract initiation and possible enforcement

   4.7. Suppliers, service providers, other contractual partners

   If we enter into a contract with you to provide a contractual service for us (e.g. service or delivery of a product), we process personal data about you or your employees. We need these in order to communicate with you and to make use of your services. We may also process this personal data to check whether there might be a conflict of interest and to ensure that we do not enter into any unwanted risks, e.g. with regard to money laundering or sanctions, with the cooperation.

   In particular, we process the following information:

   • Contact information (e.g. last name, first name, address, telephone number, e-mail)
   • Personal information (e.g. profession, function, title, employer company)
   • Financial information (e.g. data on bank details)

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Conclusion or performance of a contract with the data subject or for the benefit of the data subject, incl. contract initiation and possible enforcement
   • Safeguarding legitimate interests, (e.g. avoiding conflicts of interest, protecting the company, enforcing legal claims)

   4.8. Compliance with laws, directives and recommendations

   We obtain and process personal data in order to comply with applicable laws (e.g. anti-money laundering or tax obligations), self-regulations, industry standards, our corporate governance and for any internal or external investigations to which we are a party (e.g. by a law enforcement or supervisory authority or a mandated private body).

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Fulfilment of a legal obligation (e.g. if we perform our duties as a financial intermediary or are obliged to disclose information)
   • Safeguarding legitimate interests, (e.g. avoiding conflicts of interest, protecting the company)

   4.9. Security purposes and access control

   We obtain and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises, analyses and tests of our IT infrastructures, system and error checks and the creation of security copies. For documentation and security purposes (preventive and to clarify incidents), we also keep access logs or visitor lists in relation to certain premises.

   We process this personal data for the purposes described above on the basis of the following legal foundations:

   • Conclusion or performance of a contract with the data subject or for the benefit of the data subject, incl. contract initiation and possible enforcement
   • Fulfilment of a legal obligation (e.g. for compliance with data protection and data security)
   • Safeguarding legitimate interests, (e.g. protecting the company, enforcing legal claims)
5. Tracking technologies

   We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website.

   Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

   In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our website again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognise that you have already been with us when you visit our website again. These cookies are automatically deleted after a defined period of time.

   The data processed by cookies are necessary for the purposes mentioned. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created.

6. Web analytics

   In order to obtain information about the use of our website and to improve our internet offer (e.g. integration of maps), we use web analysis tools and re-targeting technologies.

   These tools are provided by third parties. As a rule, the information collected for this purpose about the use of a website is transmitted to the third-party provider’s server through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

   The transmission of the data normally takes place with shortening of the IP addresses, which prevents the identification of individual end devices. A transfer of this information by third party providers only takes place due to legal regulations or in the context of order data processing.

   6.1. Google Analytics

   We use Google Analytics, the web analysis service of Google LLC, Mountain View, California, USA; responsible for Europe is Google Limited Ireland (“Google”). To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific information related to the user on the user’s end device. These enable an analysis of the use of our website by Google. The information collected by the cookie about the use of our website (including your IP address) is usually transmitted to a Google server in the USA and stored there. We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to ensure anonymised collection of IP addresses (so-called IP masking). If anonymisation is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google may associate your IP address with other data held by Google. For data transfers to the USA, Google has committed to sign and comply with the EU standard contractual clauses. 

   Additional information can be found in the respective data protection declarations of Google Analytics.

   6.2. Google Maps

   On our website we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, “Google”). Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. By using this service, you will be shown our location and it will be easier for you to find us. Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there when you call up those sub-pages in which the Google Maps map is integrated. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. For data transfers to the USA, Google has committed to sign and comply with the EU standard contractual clauses.

   Additional information can be found in the respective data protection declarations of Google Maps.

   6.3. Social media plugins

   So-called social media plugins (“plugins”) from third-party providers are used on our website. The plugins are recognisable by the logo of the respective social network. Via the plugins, we offer you the possibility to interact with the social networks and other users. We use the following plugin on our website: LinkedIn. When you access our website, your browser establishes a direct connection to the third-party provider’s server. The content of the plugin is transmitted directly to your browser by the respective third-party provider and integrated into the page.

   The data transfer for the display of content takes place regardless of whether you have an account with the third-party provider and are logged in there. If you are logged in to the third-party provider, your data collected by us will also be directly assigned to your account with the third-party provider. If you activate the plugin, the information will also be published on the social network and shown to your contacts there. Please refer to the third-party provider’s data protection declaration for the purpose and scope of the data collection and the further processing and use of the data by the third-party provider, as well as your rights in this regard and setting options for protecting your privacy. The third-party provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is also carried out in particular for non-logged-in users for the display of needs-based advertising and to inform other users of the social network about your activities on our website. If you would like to prevent the third-party provider from assigning the data collected via our website to your personal profile in the respective social network, you must log out of the respective social network before visiting our website. You can also completely prevent the loading of the plugins with specialised add-ons for your browser such as “Ghostery” (https://www.ghostery.com/) or “NoScript” (http://noscript.net/).

7. Data transmission and forwarding

   Not all personal data is transmitted encrypted by default. Unless explicitly agreed otherwise with the customer, accounting data, salary administration data, salary statements and salary cards or contract data are transmitted unencrypted.

   We only disclose your data to third parties if this is necessary to provide our service, if these third parties provide a service for us, if we are obliged to do so by law or by the authorities, or if we have an overriding interest in disclosing the personal data. We will also share personal data with third parties if you have given your consent or asked us to do so.

   The following categories of recipients may receive personal data from us:

   • Branch office
   • Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, auditors, insurance companies, banks, translation agencies)
   • Third parties within the scope of our legal or contractual obligations (e.g. employees, contractual partners, counterparties, other persons involved), authorities, government institutions, courts, industry organisations, associations and other bodies

   All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing of data by certain third parties, but not by all third parties (e.g. authorities).

   We generally conclude contracts with service providers who process personal data on our behalf, obliging them to ensure data protection. The majority of our service providers are located in Switzerland or in the EU / EEA. Certain personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. Should a data transfer to other countries that do not have an adequate level of data protection be necessary, this will be carried out on the basis of the EU standard contractual clauses (e.g. in the case of Google), other suitable instruments or on the basis of an exemption clause.

8. Duration of the retention of personal data

   We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the legal or regulatory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or made anonymous as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less apply in principle.

9. Data security

   We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions.

10. Obligation to provide personal data

    Within the scope of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the website cannot be used if certain traffic security details (such as IP address) are not disclosed.

11. Your rights

    You have the following rights in relation to our processing of personal data:

    • Right to information about personal data stored by us about you, the purpose of processing, the origin and about recipients or categories of recipients to whom personal data is passed on
    • Right to rectification if your data is incorrect or incomplete
    • Right to restrict the processing of your personal data
    • Right to request the deletion of the personal data processed
    • Right to data portability
    • The right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons
    • Right to complain to a competent supervisory authority, where provided for by law

    To exercise these rights, contact the address given in Point 1.

    Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If there are any costs for you, we will inform you in advance.

12. Amendment of the Data Protection Declaration

    This Data Protection Declaration does not form part of any contract with you. We may amend this Data Protection Declaration at any time. The version published on this website is the current version.

Last change: August 2023