Data Protection Declaration

EXAMPLE is responsible for the data processing we describe here, unless otherwise stated in particular cases. Enquiries about data protection can be addressed to us subject to attachment of a copy of the ID card or passport for identification of the user, by letter or e-mail: Novissa Switzerland AG, Schulstrasse 1a, CH – 2572 Sutz.

2. Collection and processing of personal data

We process personal data, especially in the following categories of processing.

 • Customer data of customers for whom we provide or have provided services.
• Personal data that we received indirectly from our customers while providing services.
• When visiting our website.
• When using our newsletter.
 • When taking part in one of our events.
• When we communicate or a visit is made.
• In the context of another contractual relationship, e.g. as supplier, service provider or advisor.
 • If a job application is submitted.
 • If we are obliged to do so on statutory or regulatory grounds.
• When we observe our duties of due care or other legitimate interests, e.g. to avoid conflicts of interest, avoid money laundering or other risks, ensure that data is correct, check creditworthiness, guarantee security or enforce our rights. 

You can find more detailed information in the description of the respective categories of processing in section 5.

Which personal data we process depends on your relationship with us and on the purpose for which we are processing them. Apart from your contact data, we also process other data about you or about persons with whom you have a relationship. Under certain circumstances, this information may also involve personal data that deserves special protection. 

• contact information (e.g. family name, first name, address, telephone number, e-mail)
• customer information (e.g. date of birth, nationality, marital status, profession, title, job description, passport / ID number, OASI (old age and survivors' insurance) number
• risk evaluation data (e.g. creditworthiness information, commercial register data)
• financial information (e.g. data on bank accounts)
• mandate data depending on order (e.g. tax information, articles of association, records, projects, contracts, employee data [e.g. salary, social insurance], bookkeeping data, beneficial owner, ownership circumstances)
• website data (e.g. IP address, device information [UDI], information about browser, website use [analysis and use of plugins, etc.]
• application data (e.g. curriculum vitae, work references)
• marketing information (e.g. newsletter registration)
• security and network data (e.g. visitor lists, access checks, network and mail scanners, telephone call lists) 

If this is permitted, we also take particular data from publicly accessible sources (e.g. debt collection register, land register, commercial register, press, Internet) or obtain such from our clients and their employees, from authorities, (arbitration) courts and other third parties. Apart from the data that you provide us with directly, the categories of personal data which we obtain from third parties about you include in particular information from public registers, information that we learn in connection with official and court proceedings, information in connection with your professional functions and activities (so that we can conclude and process, with your assistance, transactions with your employer), information about you in correspondence and discussions with third parties, creditworthiness information, information about you provided to us by people in your circle (family, advisors, legal representatives, etc.), to enable us to conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, proxies), information about observance of legal requirements such as combating money laundering and export restrictions, information from banks, insurance companies, distribution and other contractual partners of ours to make use of or provide payments by you (e.g. payments made, purchases made), information from the media and Internet about you (if this is appropriate, in a specific case, e.g. in the context of a job application, etc.), your addresses and if applicable interests and other socio-demographic data (for marketing), data in connection with use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages retrieved and contents, functions used, referring website, location information).

 Primarily, we process personal data that we obtain in the context of our customer relationships with our customers and other contractual relationships with their business partners and other persons involved. 

The personal data of our customers includes the following information in particular:
 • contact information (e.g. family name, first name, address, telephone number, e-mail, other contact information)
• personal information (e.g. date of birth, nationality, marital status, profession, title, job description, passport / ID number, OASI (old age and survivors' insurance), family circumstances, etc.)
• risk evaluation data (e.g. creditworthiness information, commercial register data, sanctions lists, specialised databases, data from the Internet) 
• financial information (e.g. data about bank accounts, investments or participations)
• mandate data depending on order, e.g. tax information, articles of association, records, employee data (e.g. salary, social insurance), bookkeeping data, etc.
• Personal data deserving special protection: these personal data can also include personal data deserving special protection, such as data about health, religious views or social welfare measures, especially if we provide services in the field of payroll processing or bookkeeping. 

We process these personal data for the purposes described, based on the following legal foundations:
• conclusion or processing of a contract with the data subject or on behalf of the data subject, incl. preparatory steps of a contract and any enforcement (e.g. advice, fiduciary arrangements)
• fulfilment of a legal obligation (e.g. if we observe our obligations as auditor or are obliged to disclose information)
• observance of legitimate interests, (e.g. for administrative purposes, to improve our quality, guarantee security, operate risk management, enforce our rights, defend ourselves against claims or to review potential conflicts of interest)
• consent (e.g. to send you marketing information)

When we provide services for our customers, there may be occasions when we also process personal data that we did not collect directly from the data subjects or the personal data of third parties. These third parties normally involve employees, contact persons, family members or persons that have a relationship for other reasons with the customer or the data subjects. We need these personal data to fulfil our contracts with our customers. We collect these personal data from our customers or from third parties commissioned by our customers. Third persons whose information we process for this purpose are informed by our customers of the fact that we process their data. For this purpose, our customers can refer to this Data Protection Declaration. 

The personal data of persons who have a relationship to our customers in particular include the following information:
• contact information (e.g. family name, first name, address, telephone number, e-mail, other contact information, marketing data)
• personal information (e.g. date of birth, nationality, marital status, profession, title, job description, passport / ID number, OASI (old age and survivors' insurance), family circumstances, etc.)
• financial information (e.g. data about bank accounts, investments or participations)
• mandate data depending on order, e.g. tax information, articles of association, records, employee data (e.g. salary, social insurance), bookkeeping data
• Personal data deserving special protection: these personal data can also include personal data deserving special protection, such as data about health, religious views or social welfare measures, especially if we provide services in the field of payroll processing or bookkeeping. 

We process these personal data for the purposes described, based on the following legal foundations:
• conclusion or processing of a contract with the data subject or on behalf of the data subject (e.g. when we observe our contractual obligations)
• fulfilment of a legal obligation (e.g. if we observe our obligations as auditor or are obliged to disclose information) • observance of legitimate interests, especially our interest to provide an optimal service to our customers.

 No personal data have to be disclosed to use our website. However, the server records various pieces of user information upon each retrieval, which are stored temporarily in the log files of the server. 

No assignment to a particular person occurs when using this general information. The recording of this information or data is technically necessary to display our website and guarantee its stability and security. In addition, this information is collected to improve the website and analyse its use.

This involves the following information in particular:
• contact information (e.g. family name, first name, address, telephone number, e-mail)
• further information that you transfer to us via the website
• technical information automatically transferred to us or our service providers, information about user behaviour or the settings of the website (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicks on links, etc.) 

We process these personal data for the purposes described, based on the following legal foundations:
• observance of legitimate interests, (e.g. for administrative purposes, to improve our quality, analyse data or make our services known)
• consent (e.g. to the use of cookies or the newsletter).

If you subscribe to our newsletter, we use your e-mail address and other contact data to send you the newsletter. You can subscribe to our newsletter by providing your consent. Information required for sending the newsletter is your complete name and e-mail address, which we save after your registration. Your consent to sending the newsletter constitutes the legal foundation for the processing of your data in connection with our newsletter. You can revoke this at any time and cancel the newsletter. 

If you take part in an event organised by us, we collect personal data to organise and hold the event and, if applicable, send you additional information subsequently. We likewise use your information to notify you of other events. There may be occasions at these events when we photograph or film you and we publish this picture material internally or externally. 

This involves the following information in particular:
 • contact information (e.g. family name, first name, address, telephone number, e-mail)
• personal information (e.g. profession, function, title, employer company, dietary preferences)
• pictures or videos
• payment information (e.g. bank account). 

We process these personal data for the purposes described, based on the following legal foundations:
• fulfilment of a contractual obligation with the data subject or on behalf of the data subject, incl. preparatory steps of a contract and any enforcement (making it possible to take part in the event)
• observance of legitimate interests (e.g. holding of events, distribution of information about our event, provision of services, efficient organisation)
• consent (e.g. to send you marketing information or create picture material)

If you get into contact with us (e.g. via telephone, e-mail or chat) or we contact you, we process the personal data needed for this. We likewise process this data if you visit us. In this case, you may have to provide your contact data before your visit or at reception. We keep these data for a certain period in order to protect our infrastructure and information. 

We use the Microsoft Teams service for holding telephone conferences, online meetings, video conferences and/or webinars ("online meetings"). 

We process the following information in particular:
• contact information (e.g. family name, first name, address, telephone number, e-mail)
• peripheral data for communication (e.g. IP address, duration of communication, communication channel)
• recordings of discussions, e.g. in the case of video conferences
• Other information uploaded, provided or created by the user during the use of the video conference and meta data used for maintenance of the service provided. Additional data on the processing of personal data by Microsoft Teams can be found in its data protection declarations.
• personal information (e.g. profession, function, title, employer company)
• time and reason for visit 

We process these personal data for the purposes described, based on the following legal foundations:
• fulfilment of a contractual obligation with the data subject or on behalf of the data subject, incl. preparatory steps of a contract and any enforcement (provision of a service)
• observance of legitimate interests (e.g. security, traceability and processing and administration of customer relationships).

4.7. Job applications

You can submit your application for a job at our company by post or via the e-mail address stated on our website. The application documents and all personal data disclosed therewith to us are treated as strictly confidential, not disclosed to any third party and only processed by us for the purpose of processing your application for an appointment. In the absence of your consent to the contrary, your application dossier is either returned to you or deleted/destroyed after conclusion of the application process, unless it is subject to a statutory retention obligation. The legal foundations for the processing of your data are your consent, the fulfilment of the contract with you and our legitimate interests.

We process the following information in particular:
 • contact information (e.g. family name, first name, address, telephone number, e-mail)
 • personal information (e.g. profession, function, title, employer company)
 • application documents (e.g. motivation letter, references, degree certificates, C.V.)
 • evaluation information (e.g. evaluation of personnel consultants, reference information, assessments)

We process these personal data for the purposes described, based on the following legal foundations:
 • observance of legitimate interests (e.g. appointment of new employees)
 • Consent.

If we conclude a contract with you to enable you to perform a service for us, we process your personal data or that of your employees. We need these data to communicate with you and make use of your services. We also process these personal data to check whether, under certain circumstances, a conflict of interest could exist in connection with our activity as auditor and to ensure we do not enter into any unwanted risks through the cooperation, e.g. regarding money laundering or sanctions.

We process the following information in particular:
 • contact information (e.g. family name, first name, address, telephone number, e-mail)
 • personal information (e.g. profession, function, title, employer company).
 • financial information (e.g. data on bank accounts).

 We process these personal data for the purposes described, based on the following legal foundations:
 • conclusion or processing of a contract with the data subject or on behalf of the data subject, incl. preparatory steps of a contract and any enforcement
 • observance of legitimate interests (e.g. avoidance of conflict of interests, protection of the company, enforcement of legal claims).

We use cookies on our website. These are small files that your browser automatically creates and that are saved on your device (laptop, tablet, smartphone, etc.) when you visit our website.

Information is stored in the cookie that arises in connection with the specific device that is used. However, this does not mean that we obtain direct knowledge of your identity as a result. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use session cookies to detect that you have already visited certain pages of our website. These are automatically deleted after leaving our website.

To obtain information about the use of our website, improve our Internet offering and be in a position to address you on third-party websites or social media with advertising, we use the following web analysis tools and re-targeting technologies: Google Analytics.

These tools are provided by third-party providers. The information collected for this purpose on the use of a website is usually transferred by the use of cookies or similar technologies to the server of the third-party provider. Depending on the third-party provider, these servers are abroad.

Normally, the data are transferred after abbreviation of the IP addresses, thus preventing identification of individual devices. Transfer of this information by third-party providers only occurs on the basis of legal regulations or as part of order processing.

On our websites we use Google Analytics, the web analysis service of Google LLC, Mountain View, California, USA. Google Limited Ireland is responsible for Europe ("Google"). Google provides a browser plug-in for deactivation of Google Analytics at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific information related to the user on the user's device. These permit analysis of the use of our website offering by Google. The information recorded by the cookie on the use of our website (including your IP address) is usually transferred to a Google server in the USA and stored there. We point out that on this website, Google Analytics has been expanded with the code "gat._anonymizeIp();" in order to guarantee anonymised recording of IP addresses (IP masking). If the anonymisation is active, Google abbreviates IP addresses within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Consequently, no conclusions can be drawn regarding your identity. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Under certain circumstances, Google will combine your IP address with other data of Google. Google has undertaken to sign and observe the EU standard contractual clauses for data transfers to the USA. 

On our website we use Google Maps (API) of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, CA 94043, USA; Google Limited Ireland is responsible for Europe, "Google"). Google Maps is a web service for the presentation of interactive maps to present geographical information visually. By using this service, our location is displayed and any journey there is facilitated. As soon as you retrieve those subpages in which the map from Google Maps is integrated, information about your use of our website (such as your IP address) is transferred to a server of Google in the USA and stored there. This occurs irrespective of whether Google provides a user account via which you are logged in or whether no user account exists. If you are already logged in at Google, you data will be assigned directly to your account. If you do not wish the assignment to your profile at Google, you must log out before activation of the button. Google stores your data (even for users not logged in) as usage profiles and evaluates them.

Google has undertaken to sign and observe the EU standard contractual clauses for data transfers to the USA. 

Social media plugins ("plugins") from third-party providers are used on our website. The plugins can be recognised by the logo of the respective social network. We offer you the option via the plugins to interact with the social networks and other users. We use the following plugins on our website: Facebook, Twitter, LinkedIn, YouTube. If you access our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plugin (e.g. YouTube videos) is transferred directly by the respective third-party provider to your browser and integrated into the page.

The data forwarding for display of contents (e.g. publications on Twitter) occurs irrespective of whether you have an account with the third-party provider and are logged in there. Moreover, if you are logged in at the third-party provider, your data collected on our website are assigned directly to your existing account at the third-party provider. If you activate the plugins, the information is also published on the social network and displayed there to your contacts. You can find the purpose and scope of the data collection and further processing, the use of data by the third-party provider as well as your rights and settings options for the protection of your privacy in the data protection information of the third-party provider. The third-party provider stores the data collected about you as usage profiles and uses these for the purpose of advertising, market research and/or configuration of its website according to requirements. Data is also evaluated in particular for users who are not logged in, for the presentation of advertising according to needs and to inform other users of the social network of your activities on our website. If you want to prevent the third-party providers from assigning the data collected about our website to your personal profile, you must log out of the corresponding social network before visiting our website. You can also prevent the loading of the plugin completely with specialised add-ons for your browser, such as "Ghostery" (https://www.ghostery.com/) or "NoScript" (http://noscript.net/).

We use the software Outlook for the mailing of our newsletter. The newsletter can be sent and analysed with this software. To conduct this analysis, we collect device and access data. To collect these data, the newsletter may include a pixel. Moreover, the newsletter or the websites that can be accessed via this newsletter are tracked with cookies. A pixel is a picture file that is stored on the device of the recipient.

By using these technologies, we obtain information regarding whether the newsletter has arrived, been opened and which contents were clicked. We use this information to improve our newsletter and to improve our offers. Setting of a pixel can be prevented by deactivating HTML in the mail program (differs according mail program)

7. Data forwarding and data transfer

We only pass on your data to third parties if this is necessary to perform our service, if these third parties perform a service for us, if we are obliged to do so by law or officially, or if we have an overriding interest in the forwarding of the personal data. We also pass on personal data to third parties if you have given your consent to this or asked us to do so.

Not all personal data are transferred encrypted as standard. Unless explicitly agreed with the customer, bookkeeping data, payroll administration data, payslips and wage statements are transferred unencrypted.

The following categories of recipients can receive personal data from us:
 • service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
 • third parties in the context of our legal or contractual obligations, authorities, state institutions, courts.

We conclude contracts with service providers who process personal data on our behalf, obliging the latter to guarantee data protection. The majority of our service providers are in Switzerland or in the EU / EEA. Certain personal data can also be transferred to the USA (e.g. Google Analytics data) or in exceptional cases to other countries worldwide. Should data transfer to other countries that do not have an adequate data protection level be necessary, this occurs based on the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments.

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or other purposes pursued with the processing, i.e. for example for the period of the entire contractual relationship (from initiation, handling until completion of the contract) and beyond, pursuant to the statutory retention and documentation obligations. It is possible in this regard that personal data are retained for the period in which claims against our company can be asserted (i.e. particularly during the statutory period of limitation) and if we are otherwise legally obliged to do so, or legitimate business interests require this (e.g. for proof and documentation purposes). As soon as your personal data are no longer needed for the above-mentioned purposes, they are deleted or anonymised if possible. In general, shorter retention periods of twelve months or less apply to operational data (e.g. system logs, logs).

We take appropriate technical and organisational security precautions to protect your personal data against unauthorised access and abuse, such as issuing instructions, courses, IT and network security solutions, access controls and restrictions, encryption of data-carriers and transfers, pseudonymisation and controls.

In the context of our business relationship, you must provide those personal data that are required for the commencement and conduct of a business relationship and the fulfilment of the associated contractual obligations (you are not usually under a legal obligation to provide us with data). We will be unable to conclude or process a contract with you (or the body or person you represent) without these data. The website cannot be used either if certain information for protecting the data traffic (e.g. IP address) cannot be disclosed.

You have the following rights in connection with our processing of personal data:

 • right to information about the personal data concerning you that we have stored, the purpose of the processing, the origin, and regarding recipients or categories of recipients to whom personal data are forwarded.
 • right to rectification if your data are incorrect or incomplete.
 • right to restriction of processing of your personal data.
 • right to demand erasure of the personal data processed.
 • right to data portability.
 • right to object to data processing or revoke consent to processing of personal data at any time, without stating reasons.
 • right to complaint to a responsible supervisory authority if legally provided for.

 To assert these rights, please contact the address stated under section 1.

 However, please bear in mind that we reserve the right on our part to assert the restrictions legally provided for, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (if we may plead this), or need the data for the assertion of claims. If costs are incurred for you, we will inform you in advance.

 We expressly reserve the right to amend this Data Protection Declaration at any time. Last amendment: August 2023