Data Protection Declaration

    In this Data Protection Declaration, we, Fineac Treuhand Zug AG, Fineac Treuhand Schwyz AG, Fineac Treuhand Zürich AG, Fineac Tax AG, Fineac Audit AG and Fineac Management AG as well as AC Verwaltungs GmbH (hereinafter “Fineac Group”) describe how we collect and process personal data. This Data Protection Declaration is not an exhaustive description; other declarations relating to data protection may regulate specific issues. For the purposes of this Data Protection Declaration, “personal data” means any information relating to an identified or identifiable natural person.

     

    1. Data processor and contact 

    Fineac Group is responsible for the data processing we describe here, unless specified otherwise in specific cases. Enquiries regarding data protection may be sent to us by letter or e-mail, enclosing a copy of the user's ID or passport for identification purposes:

     

    Fineac Treuhand Zug AG
    Datenschutzbeauftragte
    Poststrasse 30, 6300 Zug
    Phone: +41 41 727 51 00
    sekretariat@fineac.ch
    info@fineac.ch

     

    2. Collection and processing of personal data

    We process personal data of the following categories in particular:

    • Data of customers for whom we provide or have provided services
    • Personal data that we have received indirectly from our customers in the course of providing services
    • When visiting our website
    • When using our newsletter
    • When we communicate or a visit takes place
    • In case of other contractual relations, e.g. as supplier, service provider or consultant
    • For job applications
    • If we are required to do so for legal or regulatory reasons
    • When we are performing our due diligence obligations or safeguarding other legitimate interests, e.g. to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security, or enforce our rights 

     

    More detailed information can be found in the description of the respective categories of processing in Section 4.

     

    3. Categories of personal data

    What personal data we process depends on your relationship with us and the purpose for which we process such data. In addition to your contact details, we also process other information of you or of people who have a relationship with you. Under certain circumstances, this information may also constitute personal data requiring special protection.


    We collect the following categories of personal data, depending on the purpose for which we process such data:

    • Contact information (e.g. last name, first name, address, phone number, e-mail address, other contact information, marketing data)
    • Customer information (e.g. date of birth, nationality, marital status, religious denomination, occupation, title, job title, passport / ID number, social security number)
    • Risk assessment data (e.g. credit rating information, commercial register data)
    • Financial information (e.g. data on bank accounts, statements of assets and interest, e-banking)
    • Engagement data depending on the engagement (e.g. tax information, articles of association, minutes, projects, contracts, employee data (e.g. salary, social insurance, religion), accounting data, beneficial owners, ownership structure)
    • Website data (e.g. IP address, device information (UDI), browser information, language settings, downloaded files, website usage (analysis and use of plug-ins, etc.))
    • Job application data (e.g. curriculum vitae, references)
    • Marketing information (e.g. newsletter subscription)
    • Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists)

     

    To the extent permitted, we also take certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) and receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people close to you (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or involve you (e.g. references, your address for deliveries, powers of attorney), information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made), information from the media and Internet about you (where this is appropriate in specific cases, for example, in the context of a job application, etc.), your addresses and, where applicable, interests and other sociodemographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages viewed and content, functions used, referring website, location information).

     

    4. Purpose of data processing and legal basis

    4.1 Provision of services

    We primarily process the personal data that we receive from our clients and other business partners within the framework of our client relations and other contractual relations with them and other persons involved in them.


    In particular, the personal data of our customers include the following information:

    • Contact information (e.g. last name, first name, address, phone number, e-mail address, other contact information, marketing data)
    • Personal information (e.g. date of birth, nationality, marital status, religious denomination, occupation, title, job title, passport / ID number, social security number, family circumstances, etc.)
    • Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialised databases, data from the Internet)
    • Financial information (e.g. data on bank details, investments or shareholdings)
    • Engagement data, depending on the engagement, for example tax information, articles of association, minutes, employee data (e.g. salary, social insurance), accounting data, etc.
    • Personal data requiring special protection: These personal data may also include sensitive personal data, such as data relating to health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.

     

    We process these personal data for the described purposes on the following legal bases:

    • Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including initiation of a contract and possible enforcement (e.g. consulting, fiduciary services)
    • Fulfilling a legal obligation (e.g. when we perform our duties as auditors or are required to disclose information)
    • Safeguarding legitimate interests, (e.g. for administrative purposes, to improve our quality, ensure safety, manage risk, enforce our rights, defend against claims, or to review potential conflicts of interest)
    • Consent (e.g. to send marketing information)

     

    4.2 Indirect data processing based on the provision of services

    When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contacts, family members or persons who have a relationship with customers or data subjects for other reasons. We need these personal data to fulfil contracts with our customers. We receive these personal data from our customers or from third parties contracted by our customers. Third parties whose information we process for this purpose are informed by our customers that we are processing their data. Our customers can refer to this Data Protection Declaration for this purpose.

     

    In particular, the personal data of the persons who have a relationship with our customers include the following information:

    • Contact information (e.g. last name, first name, address, phone number, e-mail address, other contact information, marketing data)
    • Personal information (e.g. date of birth, nationality, marital status, religious denomination, profession, title, job title, passport / ID number, social security number, family circumstances, etc.)
    • Financial information (e.g. data on bank details, investments or shareholdings)
    • Engagement data, depending on the engagement, for example tax information, articles of association, minutes, employee data (e.g. salary, social insurance), accounting data
    • Personal data requiring special protection: These personal data may also include sensitive personal data, such as data relating to health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.

     

    We process these personal data for the described purposes on the following legal bases:

    • Conclusion or execution of a contract with the data subject and/or for the benefit of the data subject (e.g. when we perform our contractual obligations)
    • Fulfilment of a legal obligation (e.g. when we perform our duties as auditors or are required to disclose information)
    • Safeguarding legitimate interests, in particular our interest in providing optimum service to our customers

     

    4.3 Use of our website

    No personal data need to be disclosed to use our website. However, the server collects a series of user information at each visit, which is temporarily stored in the server's log files.
    When using this general information, no assignment to a specific person takes place. The collection of this information or these data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyse its use.

     

    In particular, we process the following information: 

    • Contact information (e.g. last name, first name, address, phone number, e-mail, other contact information, marketing data)
    • Other information that you submit to us via the website
    • Technical information automatically transmitted to us or our service providers, information about user behaviour or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicks on links, etc.).

     

    We process these personal data for the described purposes on the following legal bases:

    • Safeguarding legitimate interests, (e.g. for administrative purposes, to improve our quality, analyse data or publicise our services)
    • Consent (e.g. to the use of cookies or the newsletter)

     

    4.4 Newsletter usage

    If you subscribe to our newsletter, we use your e-mail address and other contact data to send you the newsletter. You can subscribe to our newsletter with your consent. The data required to send the newsletter are your full name and your e-mail address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter.

     

    4.5 Direct communication and visits

    If you contact us (e.g. via telephone, e-mail or chat) or if we contact you, we process the personal data necessary for this purpose. We also process these personal data when you visit us. In this case, you may be required to leave your contact information prior to your visit or at the reception desk. We retain these data for a certain period of time to protect our infrastructure and information.
    For conducting conference calls, online meetings, video conferences and/or webinars ("online meetings"), we mainly use the service "Microsoft Teams". However, other services (e.g. "Zoom") may also be used if necessary or at your request.

    In particular, we process the following information:

    • Contact information (e.g. last name, first name, address, phone number, e-mail, other contact information)
    • Peripheral data for communication (e.g. IP address, duration of communication, communication channel)
    • Recordings of conversations, e.g. during video conferences
    • Other information uploaded, provided or created by the user during the use of the video conferencing service, as well as metadata used for the maintenance of the service provided. Additional information about the processing of personal data by Microsoft Teams or other services can be found in their data protection declarations.
    • Personal information (e.g. occupation, function, title, employer)
    • Time and reason for the visit (e.g. submission of documents)

     

    We process these personal data for the described purposes on the following legal bases:

    • Fulfilment of a contractual obligation with the data subject and/or for the benefit of the data subject, including initiation of a contract and possible enforcement (provision of a service)
    • Safeguarding legitimate interests (e.g. security, traceability, and processing and administration of customer relations)

     

    4.6 Job applications

    You can submit your application for a position with us by postal mail or via the e-mail address provided on our website. Furthermore, it is also possible to apply via social networks such as LinkedIn. The application documents and all personal data disclosed to us in this way will be treated as strictly confidential, will not be disclosed to any third party and will only be processed for the purpose of handling your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal retention obligation. The legal basis for processing your data is your consent, the fulfilment of the contract with you and our legitimate interests.

     

    In particular, we process the following information:

    • Contact information (e.g. last name, first name, address, phone number, e-mail address, other contact information)
    • Personal information (e.g. occupation, function, title, employer)
    • Application documents (e.g. letter of motivation, certificates, diplomas, curriculum vitae, salary range)
    • Assessment information (e.g. assessment of personnel consultants, reference information, other assessments)

     

    We process these personal data for the described purposes on the following legal bases:

    • Safeguarding legitimate interests (e.g. hiring new employees)
    • Consent

     

    4.7 Suppliers, service providers, other contractual partners

    If we enter into a contract with you to provide a service to us, we will process personal data about you or your employees. We need these in order to communicate with you and to make use of your services. We may also process these personal data to check whether there could be a conflict of interest in connection with our work as auditors (if applicable) and to ensure that we do not enter into any unwanted risks with the cooperation, e.g. with regard to money laundering or sanctions.

    In particular, we process the following information:

    • Contact information (e.g. last name, first name, address, phone number, e-mail, other contact information)
    • Personal information (e.g. occupation, position, title, employer).
    • Financial information (e.g. bank account details)

     

    We process these personal data for the described purposes on the following legal bases:

    • Conclusion or execution of a contract with the data subject and/or for the benefit of the data subject, including the initiation of a contract and possible enforcement
    • Safeguarding legitimate interests, (e.g. avoiding conflicts of interest, protecting the company, enforcing legal claims)

     

    5. Tracking technologies

    We use cookies on our website. “Cookies” are small files that are automatically created by your browser and stored on your device (laptop, tablet, smart phone, etc.) when you visit our site.

     

    Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we will immediately gain knowledge of your identity. The use of cookies serves to make the use of our offerings more pleasant for you. For example, we use session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after you leave our site.

     

    In addition, to optimise user-friendliness, we also use temporary cookies that are stored on your terminal device for a specified period of time. If you visit our site again to use our services, it is automatically recognised that you have already visited us, and the inputs and settings you made are recognised so that you do not have to enter them again. We also use cookies in order to record the use of our website statistically and to evaluate it for the purpose of optimising our offerings for you. These cookies enable us when you return to our site to automatically recognise that you have already been with us. These cookies are automatically deleted after a defined period of time.

    The data processed by cookies are necessary for the aforementioned purposes. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies will be stored on your computer or so that a message will always appear before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the features of our website.

     

    6. Web and newsletter analysis

    In order to obtain information about the use of our website, to improve our Internet offerings and to be able to address you with advertising on third party websites or on social networks, we use the following web analysis tools and re-targeting technologies: Google Analytics, Mailchimp (newsletter tool).

    These tools are provided by third party providers. As a rule, the information collected for this purpose about the use of a website is transmitted to the third party provider's server using cookies and similar technologies. Depending on the third party provider, these servers may be located abroad.

    The transmission of data usually takes place with the IP addresses shortened, preventing the identification of individual end devices. This information is only transferred by third party providers based on legal regulations or within the framework of job data processing.

     

    6.1 Google Analytics

    We use Google Analytics on our websites, the web analysis service of Google LLC, Mountain View, California, USA. Google Limited Ireland ("Google") is the entity responsible for Europe. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses "cookies". These are small text files that make it possible to store specific information related to the user on the user's terminal device. These enable Google to analyse the use of our website offerings. The information recorded by the cookie about the use of our site (including your IP address) is usually transferred to a Google server in the US and stored there. We would like to point out that Google Analytics has been extended on this website to include the code «gat._anonymizeIp();»  in order to guarantee anonymous collection of IP addresses (“IP masking”). If anonymisation is active, Google truncates IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and abbreviated there. In some circumstances, Google will merge your IP address with other data. For data transfers to the US, Google has committed to sign and comply with the EU standard contractual clauses.

     

    6.2 Google Maps

    On our website, we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Limited Ireland, "Google” is the entity responsible for Europe). Google Maps is a web service for displaying interactive maps (of terrain) to visually represent geographical information. By using this service, our location is displayed to you and a possible approach facilitated. Already when retrieving those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the US and stored there. This occurs regardless of whether Google provides a user account that you are logged into or whether there is no user account. When you are logged into Google, your data will be directly associated with your account. If you do not want this association to be made by Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

    For data transfers to the US, Google has committed to sign and comply with the EU standard contractual clauses.

     

    6.3 Social media plugins

    Social media plugins from third party providers are used on our website. The plugins are recognisable by the logo of the respective social network. Through the plugins, we offer you the opportunity to interact with social networks and other users. We use the following plugins on our website: LinkedIn

     

    When you visit our website, your browser establishes a direct connection to third party provider's servers. The content of the plug-in (e.g. YouTube videos) is transmitted by the respective third party provider directly to your browser and integrated into the page.

    The data transfer for the display of content (e.g. publications on Twitter) takes place regardless of whether you have an account with the third party provider and are logged in there. If you are logged in with the third party provider, your data collected by us will be directly assigned to your existing account with the third party provider. If you activate the plugins, the information will also be published on the social network and displayed there to your contacts. For the purpose and scope of data collection and the further processing and use of the data by the third party provider as well as your rights and setting options for the protection of your privacy, please refer to the third party provider’s data protection declaration. The third party provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular also for users who are not logged in in order to display demand-oriented advertising and to inform other users of the social network about your activities on our website. If you would like to prevent the third party providers from assigning the data collected via our website to your personal profile in the respective social network, you must log out of the corresponding social network before visiting our website. You can also completely prevent the loading of plugins with specialised add-ons for your browser, such as "Ghostery" (https://www.ghostery.com/) or "NoScript" (http://noscript.net/).

     

    6.4 Newsletter tracking

    We use the software Mailchimp to send our newsletters. Newsletters can be sent and analysed with this software. To perform this analysis, we collect device and access data. To collect these, the newsletter contains a pixel. The newsletter and/or the websites accessible from this newsletter are also tracked with cookies. A pixel is an image file which is stored on the receiver's device.

    With the help of these technologies, we receive the information whether the newsletter has arrived, has been opened and which content has been clicked on. We use this information to improve our newsletter and our offerings.
    The placement of a pixel can be prevented by deactivating HTML in the mail programme (varies depending on the e-mail programme).

     

    7. Data sharing and transmission

    We will only disclose your data to third parties if this is necessary to provide our service, if these third parties provide a service for us, if we are required to do so by law or by the authorities, or if we have an overriding interest in disclosing the personal data. We will also disclose personal data to third parties if you have given your consent or requested us to do so.

    Not all personal data are transmitted encrypted by default. 

    The following categories of recipients may receive personal data from us:

    • Permanent establishments, subsidiaries or affiliated companies
    • Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies)
    • Third parties within the scope of our legal or contractual obligations, public authorities, government institutions, courts of law

     

    We conclude contracts with service providers who process personal data on our behalf, obliging them to ensure data protection. The majority of our service providers are located in Switzerland or in the EU / EEA. Certain personal data may also be transferred to the US (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If a data transfer to other countries that do not have an adequate level of data protection is necessary, this will take place on the basis of the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments).

     

    8. Duration of the retention of personal data

    We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing, e.g. for the duration of the entire business relation (from the initiation, processing to the termination of a contract) as well as beyond pursuant to the retention and documentation obligations stipulated by law. In this context, it is possible that personal data will be retained for the period during which claims can be asserted against our company (i.e. in particular during the statutory period of limitation) and insofar as we are otherwise legally obliged to do so or legitimate business interests so require (e.g. for evidentiary and/or documentation purposes). As soon as your personal data are no longer required for the aforementioned purposes, they will in principle be deleted or anonymised as feasible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.

     

    9. Data security

    We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.

     

    10. Obligation to provide personal data

    Within the scope of our business relation, you must provide those personal data that are necessary for the establishment and implementation of a business relation and the fulfilment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this information, we will not be able to enter into or perform a contract with you (or the entity or person you represent). Nor may the website be used if certain information to secure the traffic (e.g. the IP address) is not disclosed.

     

    11. Your rights

    You have the following rights in connection with our processing of personal data:

    • Right to information about personal data stored by us about you, the purpose of processing, the origin and about recipients or categories of recipients to whom personal data is disclosed
    • Right to rectification if your data are incorrect or incomplete
    • Right to restrict the processing of your personal data
    • Right to request the erasure of the processed personal data
    • Right to data portability
    • Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons
    • Right to complain to a competent supervisory authority, as provided by law

     

    To exercise these rights, contact us at the address indicated in Section 1.

     

    Please note, however, that we reserve the right to assert the restrictions provided by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require the data for the assertion of claims. If you are to incur any costs, we will inform you in advance.

     

    12. Amendments to this Data Protection Declaration

    We expressly reserve the right to change this Data Protection Declaration at any time.
    Last change: May 2023