Privacy Statement

In this privacy statement, we, THR Rüegg & Partner AG, Treuhandgesellschaft (hereinafter referred to as THRAG, we or us), describe how we collect and process personal data. This privacy statement does not represent a comprehensive description; other statements concerning data protection may govern specific matters. For the purposes of this privacy statement, personal data means any information relating to a specific or identifiable person.

1. Responsible body and contact

THRAG is responsible for the data processing described here, unless otherwise specified in individual cases. Data protection inquiries can be sent to us by letter or email, together with a copy of the user's ID or passport for identification of the user:
THR Rüegg & Partner AG, Treuhandgesellschaft, Freiestrasse 24A, 8610 Uster (Switzerland) Tel. +41 44 943 10 10, mail_at_thrag.ch.

2. Collection and processing of personal data

In particular, we process personal data in the following processing categories.

Customer data of customers for whom we provide or have provided services.
Personal data that we have obtained indirectly from our customers in the course of providing the service.
When visiting our website.
When using our newsletter.
When participating in one of our events.
When we are communicating, or a visit takes place.
In the case of other contractual relationships, e.g., as a supplier, service provider or consultant.
On job applications
If we are required to do so for legal or regulatory reasons.
If we exercise our due diligence obligations or other legitimate interests, e.g., to avoid conflicts of interest, avoid money laundering or other risks, ensure the accuracy of data, check creditworthiness, ensure security or enforce our rights.

More detailed information can be found in the description of the respective processing categories in Section 5.

3. Personal data categories

Which personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people in a relationship with you. This information may also be particularly sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process it:

Contact information (e.g., last name, first name, address, telephone number, email)
Customer information (e.g., date of birth, nationality, marital status, occupation, title, job title, passport/ID number, Swiss social security number (AHV))
Risk assessment data (e.g., credit information, commercial register data)
Financial information (e.g., data related to your bank accounts)
Mandate data, depending on the order (e.g., tax information, articles of association, minutes, projects, contracts, employee data (e.g., salary, social security), accounting data, economic beneficiaries, ownership structure))
Website data (e.g., IP address, device information (UDI), information on the browser, website usage (analysis and use of plugins, etc.)
Application data (e.g., CV, references)
Marketing information (e.g., newsletter subscription)
Security and network data (e.g., visitor lists, access controls, network and mail scanners, telephone call lists)

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, press, internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data you provide to us directly, the categories of personal data we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we, for example, are able to conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, credit information, information about you that persons from your environment (family, consultants, legal representatives, etc.) give us so that we can conclude or process contracts with you or with your involvement (e.g., references, your address for deliveries, powers of attorney), information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, our sales and other contractual partners on the use or provision of services by you (e.g., payments made, purchases made), information from media and the internet about you (insofar as this is indicated in the specific case, e.g., as part of an application, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing purposes), data related to the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

4. Purposes of data processing and legal basis

4.1. Provision of services

We primarily process the personal data that we receive from these and other persons involved in our mandate relationships with our customers and other contractual relationships with business partners.

The personal data of our customers includes in particular the following information:

Contact information (e.g., last name, first name, address, telephone number, email, other contact information)
Personal information (e.g., date of birth, nationality, marital status, occupation, title, job title, passport/ID number, AHV number, family circumstances, etc.)
Risk assessment data (e.g., credit information, commercial register data, sanction lists, specialized databases, data from the internet)
Financial information (e.g., data relating to bank accounts, investments or shareholdings)
Mandate data, depending on the order, e.g., tax information, articles of association, minutes, employee data (e.g., salary, social security), accounting data, etc.
Particularly sensitive personal data: This personal data may also include particularly sensitive personal data, such as data relating to health, religious beliefs or social assistance measures, in particular if we provide services in the field of payroll processing or accounting.

We process this personal data for the purposes described based on the following legal bases:

Conclusion or processing of a contract with the data subject or for the benefit of the data subject, including initiation of a contract and possible implementation (e.g., advice, trust)
Fulfillment of a legal obligation (e.g., when we perform our duties as an auditor or are required to disclose information)
Protection of legitimate interests (e.g., for administrative purposes to improve our quality, ensure security, conduct risk management, enforce our rights, defend ourselves against claims or to investigate possible conflicts of interest)
Consent (e.g., to send you marketing information).

4.2. Indirect data processing from service provision

When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data of third parties. These third parties are usually employees, contact persons, family members or persons who have a relationship with the customers or data subjects for other reasons. We need this personal data to fulfill contracts with our customers. We receive this personal data from our customers or from third parties commissioned by our customers. Third parties whose information we process for this purpose will be informed by our customers that we are processing their data. Our customers can refer to this privacy statement for this purpose.

The personal data of the persons who are in a relationship with our customers is in particular the following information:

Contact information (e.g., last name, first name, address, telephone number, email, other contact information, marketing data)
Personal information (e.g., date of birth, nationality, marital status, occupation, title, job title, passport/ID number, AHV number, family circumstances, etc.)
Financial information (e.g., data relating to bank accounts, investments or shareholdings)
Mandate data, depending on the order, e.g., tax information, articles of association, minutes, employee data (e.g. salary, social security), accounting data
Particularly sensitive personal data: This personal data may also include particularly sensitive personal data, such as data relating to health, religious beliefs or social assistance measures, in particular if we provide services in the field of payroll processing or accounting.

We process this personal data for the purposes described based on the following legal bases:

Conclusion or execution of a contract with or for the benefit of the data subject (e.g., when we perform our contractual obligations)
Fulfillment of a legal obligation (e.g., when we perform our duties as an auditor or are required to disclose information)
Protection of legitimate interests, in particular our interest in providing optimal service to our customers.

4.3. Use of our website

No personal data needs to be disclosed in order to use our website. However, with each request for information, the server records a string of user information that is temporarily stored in the server’s log files.

No allocation to a specific person takes place when using this general information. The collection of this information or data is technically necessary in order to display our website and to ensure its stability and security. This information is also collected in order to improve the website and analyze its use.

This includes the following information in particular:

Contact information (e.g., last name, first name, address, telephone number, email)
Other information you provide to us via the website
Technical information automatically transmitted to us or our service providers, information on user behavior or the settings of the website (e.g., IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicking on links, etc.)

We process this personal data for the purposes described based on the following legal bases:

Protection of legitimate interests (e.g., for administrative purposes in order to improve our quality, analyze data or make our services known)
Consent (e.g., to the use of cookies or to the newsletter).

4.4. Newsletter usage

If you subscribe to our newsletter, we use your email address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. Mandatory for transmission of the newsletter is your full name and your email address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent to the transmission of the newsletter. You can revoke your consent at any time and unsubscribe from the newsletter.

4.5. Participation in events

If you participate in an event organized by us, we collect personal data in order to organize and conduct the event and, if necessary, to send you additional information afterward. We will also use your information to notify you of further events. You may be photographed or filmed by us at these events, and we may publish this image material internally or externally.

This includes the following information in particular:

Contact information (e.g., last name, first name, address, telephone number, email)
Personal information (e.g., occupation, function, title, employer company, eating habits)
Images or videos
Payment information (e.g., bank account).

We process this personal data for the purposes described based on the following legal bases:

Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, incl. initiation of a contract and possible implementation (enabling participation in the event)
Protection of legitimate interests (e.g., holding events, disseminating information about our event, providing services, efficient organization)
Consent (e.g., to send you marketing information or create image material).

4.6. Direct communication and visits

If you contact us (e.g., by phone, email or chat) or if we contact you, we process the personal data necessary for this. We also process this personal data when you visit us. In this case, you may need to leave your contact details before your visit or at the reception desk. These are stored by us for a certain period of time in order to protect our infrastructure and information.
We use Zoom or Microsoft Teams to conduct telephone conferences, online meetings, video conferences and/or webinars ("online meetings").
In particular, we process the following information:

Contact information (e.g., last name, first name, address, telephone number, email)
Basic data for communication (e.g., IP address, duration of communication, communication channel)
Recordings of conversations, e.g., during video conferences
Other information that the user uploads, provides or creates during the use of the video conferencing service and metadata used for the maintenance of the provided service. Additional information about the processing of personal data by Zoom or Microsoft Teams can be found in their privacy statements.
Personal information (e.g. occupation, function, title, employer company)
Time and reason for the visit.

We process this personal data for the purposes described based on the following legal bases:

Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including initiation of a contract and possible implementation (provision of a service)
Protection of legitimate interests (e.g., security, traceability as well as processing and administration of customer relationships).

4.7. Applications

You can submit your application for a job with us by post or via the email address provided on our website. The application documents and all personal data disclosed to us in this way will be treated as strictly confidential, not disclosed to any third party and only processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application file will either be returned to you after the completion of the application process or deleted/destroyed, unless it is subject to a legal retention obligation. The legal bases for processing your data are your consent, the performance of the contract with you and our legitimate interests.

In particular, we process the following information:

Contact information (e.g., last name, first name, address, telephone number, email)
Personal information (e.g. occupation, function, title, employer company)
Application documents (e.g., letter of motivation, certificates, diplomas, CV)
Evaluation information (e.g., assessment by personnel consultant, reference information, assessments)

We process this personal data for the purposes described based on the following legal bases:

Protection of legitimate interests (e.g., hiring new employees).
Consent.

4.8. Suppliers, service providers, other contractual partners

When we enter into a contract with you to provide a service for us, we process personal data about you or your employees. We need these in order to communicate with you and to make use of your services.

In particular, we process the following information:

Contact information (e.g., last name, first name, address, telephone number, email).
Personal information (e.g., occupation, function, title, employer company).
Financial information (e.g., data relating to bank acccounts).

We process this personal data for the purposes described based on the following legal bases:

Conclusion or processing of a contract with the data subject or for the benefit of the data subject, including initiation of a contract and possible implementation
Protection of legitimate interests (e.g., avoidance of conflicts of interest, protection of the company, enforcement of legal claims).

5. Tracking technologies

We use cookies on our website. These are small files that are automatically generated by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website.

The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we will immediately become aware of your identity. The use of cookies serves, on the one hand, to make using our website more enjoyable for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our website.

In addition, we also use temporary cookies, which are stored on your device for a specified period of time in order to optimize user-friendliness. If you visit our page again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and evaluate it for the purpose of optimizing our website services for you. These cookies allow us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the stated purposes. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is set. However, if you completely disable cookies, you may not be able to use all the features of our website.

6. Web and newsletter analysis

We use the following web analysis tools and re-targeting technologies in order to obtain information about the use of our website, to improve our internet services and to be able to reach out to you with advertising on third-party websites or on social media: Google Analytics.

These tools are provided by third parties. As a rule, the information collected for this purpose about the use of a website is transmitted to the server of the third-party provider by the use of cookies or similar technologies. Depending on the third-party provider, these servers are located abroad.

The data is normally transmitted by shortening the IP addresses, which prevents identification of individual end devices. Third-party providers only transfer this information on the basis of legal regulations or as part of order data processing.

6.1. Google Analytics

We use Google Analytics, the web analysis service of Google LLC, Mountain View, California, USA; responsible for Europe is Google Limited Ireland ("Google"). To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store user-specific information on the user’s device. These allow Google to analyze the use of our website services. The information generated by the cookie about your use of our website (including your IP address) is generally transmitted to a Google server in the USA and stored there. We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp()” in order to ensure anonymized collection of IP addresses (so-called IP masking). If anonymization is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why it is not possible to draw any conclusions about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will not use your IP address in connection with other Google data. For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

6.2. Google Maps

On our website we use Google Maps (API) from Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Google Limited Ireland is responsible for Europe (“Google”)). Google Maps is a web service for displaying interactive (country) maps to visualize geographical information. Using this service shows you our location and makes a trip there easier. Information about your use of our website (such as your IP address) is already transmitted to Google’s servers in the USA and stored there when you access the sub-pages in which the map from Google Maps is integrated. This takes place regardless of whether Google provides a user account with which you are logged in or whether there is no user account. If you are logged into Google, your data will be directly assigned to your account. If you do not wish to be assigned with your profile to Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them.

For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

6.3. Social Media Plugins

Our website may use so-called social media plugins from third parties. The plugins can be identified by the logo of the respective social network. We offer you the option to interact via the plugins with the social networks and other users. We do not currently use any plugins on our website. When you access our website, your browser establishes a direct connection to the servers of the third party provider. The content of the plugin (e.g., YouTube videos) is transmitted by the respective third-party provider directly to your browser and integrated into the page.

Data is passed on to display content (e.g., publications on Twitter) regardless of whether you have an account with a third-party provider and are logged in there. If you are logged in with the third-party provider, your data collected by us will also be directly assigned to your existing account with the third-party provider. If you activate the plugins, the information will also be published on the social network and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the third-party providers as well as their rights and setting options for the protection of your privacy can be found in the data protection notices of the third-party providers. The third-party provider stores the data collected about you as usage profiles and uses these for purposes of advertising, market research and/or demand-driven design of its website. Such an evaluation is also carried out in particular for users who are not logged in order to display demand-driven advertising and to inform other users of the social network about your activities on our website. If you would like to prevent the third-party providers from assigning the data collected via our website to your personal profile on the respective social network, you must log out of the respective social network before visiting our website. You can also completely prevent the loading of plugins with special add-ons for your browser, such as “Ghostery” or “NoScript”.

6.4. Newsletter Tracking

We use PROFFIX software to send our newsletters.
No tracking technologies are used.

7. Data transfer and data transmission

We will only disclose your data to third parties if this is necessary for the provision of our services, if these third parties provide a service to us, if we are required to do so by law or by the authorities or if we have an overriding interest in the transfer of the personal data. We will also transfer personal data to third parties if you have given your consent or have asked us to do so.
Not all personal data is transmitted encrypted by default. Unless explicitly agreed otherwise with the customer, accounting data, payroll administration data, payroll statements and IDs are transmitted in unencrypted form.

The following categories of recipients may receive personal data from us:

Service providers (e.g., IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
Third parties within the scope of our legal or contractual obligations, authorities, state institutions, courts.

The contracts that we conclude with service providers who process personal data on our behalf obligate them to ensure data protection. Our service providers are mostly located in Switzerland or in the EU/EEA. Certain personal data may also be transferred to the USA (e.g., Google Analytics data) or, in exceptional cases, to other countries worldwide. If it is necessary to transmit data to other countries that do not have an adequate level of data protection, this is done on the basis of the EU standard contractual clauses (e.g., in the case of Google) or other suitable instruments.

8. Duration of storage of personal data

We process and store your personal data for as long as it is necessary for the fulfillment of our contractual and legal obligations or the purposes pursued by the processing, i.e., for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the legal retention and documentation obligations. It is possible that personal data is stored for the period in which claims can be asserted against our company (i.e., in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will generally be deleted or anonymized as far as possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less generally apply.

9. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

10. Obligation to provide personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and performance of a business relationship and the fulfillment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this information, we will not be able to enter into or execute a contract with you (or the entity or person you represent). The website can also not be used if certain information for ensuring data traffic (such as IP address) is not disclosed.

11. Your rights

You have the following rights in connection with our processing of personal data:

Right to information about your personal data stored by us, the purpose of the processing, the origin as well as information about recipients or categories of recipients with whom personal data is shared.
Right to rectification if your data is inaccurate or incomplete.
Right to restrict the processing of your personal data.
Right to request the deletion of the personal data processed.
Right to data portability.
Right to object to data processing or to withdraw consent to the processing of personal data at any time without stating reasons.
Right to lodge a complaint with a competent supervisory authority, if provided for by law.

To assert these rights, please contact the address specified in Section 1.

However, please note that we reserve the right to assert legal restrictions on our part, for example, if we are obliged to store or process certain data, have an overriding interest in it (to the extent that we may invoke it) or need it for the assertion of claims. If you incur any costs, we will inform you in advance.

12. Changes to the privacy statement

We expressly reserve the right to amend this privacy statement at any time. Last modified: December 2023.