GENERAL CONDITIONS OF FEDERAL ACT ON DATA PROTECTION (FADP)
1. GENERAL
Our companies, Fiduciaire Michel Favre SA, Fiduciaire Favre Révision SA, FFJ Favre Fiscal et Juridique SA and FJF Favre Juridique et Fiscal SA (hereinafter referred to as “our Companies”), are committed to respecting the privacy of their clients and to complying with all applicable data protection and confidentiality laws.
To this end, our Companies ensure that their clients’ data is confidential, secure and accurate. As such, each customer has the right to access, correct or delete their personal information in accordance with applicable law.
To provide their services, our Companies may transfer personal data to third parties, in particular to public authorities. Such transfers of information are made solely for the purpose of fulfilling the mandate entrusted to us and in compliance with applicable data protection laws. By accepting our general terms and conditions, our clients consent to the transfer of their data to third parties for the purpose of carrying out the mandate entrusted to us.
2. WHO PROCESSES OUR CUSTOMERS’ INFORMATION?
The personal data of our customers will only be processed by the employees of our Companies in the context of the performance of the mandate entrusted to them or the transmission of information such as our newsletters or invitations to events concerning our Companies. Digital data is stored on a secure server and is regularly updated.
When we provide services to our clients, we may also process personal data of third parties or data that we have not collected directly from the data subjects (indirect processing of data arising from the provision of services). These third parties are generally employees, contact persons, family members or persons who otherwise deal with our customers or the data subjects. We need this personal data to carry out the mandates we have agreed with our clients. This personal information is provided to us by our clients or by third parties on their behalf. Our clients are responsible for informing the third parties whose data is being processed. For this purpose, our clients may refer to these general data protection conditions.
3. WHAT INFORMATION IS PROCESSED ?
We collect and process only the personal data necessary to fulfil the mandate entrusted to us by our clients. When processing our clients’ personal data, we rely on the legal bases applicable to the mandate entrusted to us.
In addition to the data provided directly by our clients, the categories of personal data that we receive from third parties include, in particular, data from public registers, data that come to our attention in the course of administrative or legal proceedings, data relating to the functions and activities of our clients, data relating to our clients contained in correspondence and interviews with third parties, information on solvency, data relating to compliance with legal requirements such as anti-money laundering and export restrictions, data from banks, insurance companies, distribution partners and other contractual partners of our organisation in connection with the use or provision of services to our customers, data from the media and the Internet, and data relating to the use of our website (e.g. IP address, MAC address of the smartphone or computer, configuration data, cookies, date and time of the site visit, pages and site content consulted, functions used).
Where our companies are required to process sensitive personal data as defined by the Federal Act on Data Protection (FADP), they undertake to obtain the express consent of our customers.
Sensitive personal data means, (art. 5, c FADP):
– Data relating to religious, philosophical, political or trade union-related views or activities.
– Data relating to health, the private sphere or affiliation to a race or ethnicity,
– Genetic data,
– Biometric data that uniquely identifies a natural person,
– Data relating to administrative and criminal proceedings or sanctions,
– Data relating to social assistance measures.
Naturally, our customers may withdraw their consent at any time.
4. USE OF OUR WEBSITE
It is not necessary to provide any personal information to use our website. However, each time the site is consulted, the server collects a certain amount of information about the user, which is temporarily stored in the server’s log files.
When this general information is used, it is not attributed to a specific person. The collection of this information or data is technically necessary to display our website and to guarantee its stability and security. This information is also collected to improve the website and to analyse the general use of our website. This includes automatically transmitted technical data (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicking on links, etc.).
Our website uses Google Analytics, a web analytics service provided by Google LLC, which is responsible for Europe on behalf of Google Limited Ireland (“Google”). Our users have the ability to disable Google Analytics in their Google browser settings. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and analysed by Google for the purposes of evaluating your use of the website.
Third parties use “social plugins” on our site. These plugins can be identified by the social network logos. The plugins allow our users to interact with social networks and other users. We use the following plugins on our site: LinkedIn and YouTube. When our users visit our website, their browser establishes a direct connection with the servers of the third party provider. The third party sends the content of the plugin (e.g. YouTube video) directly to your browser, which integrates it into the page. The transfer of data to display the content is independent of the existence of an account with the third party. Our users should consult the third party’s privacy policy to learn about the purpose and scope of the collection, processing, and use of such data by private parties.
5. ANALYSIS AND MONITORING TECHNOLOGY
We use cookies on our website. Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website.
The cookie stores information relating to the specific device being used. However, this does not mean that we know your identity immediately. We use cookies to make our site more convenient for our users. For example, we use session cookies to track how pages on our site are viewed. These cookies are automatically deleted when the user leaves our site.
We also use temporary cookies to improve the user experience. These files are stored on the user’s terminal for a set period of time. If the user visits our site again to use our services, they will be automatically recognised as having been on our site before and any entries/parameters they have made will also be recognised.
Most web browsers automatically accept cookies. However, users can configure their browsers so that cookies are not stored on their computer or so that a message is displayed before a new cookie is created. However, completely disabling cookies may mean that the user will no longer be able to use all the features of our website.
We use Google Maps from Google Inc. on our website. Google Maps is a web service that provides interactive maps for displaying geographic information. Using this service allows you to locate our offices and makes it easier for you to get around. When our users access pages on which Google Maps is integrated, information about the use of our website (such as the IP address) is transmitted to and stored by Google on servers in the United States. This transfer takes place regardless of whether our users have an account with Google and are logged in. If our users are connected to Google, their data will be associated directly with their account. If our users do not want their profile to be associated with Google, they must log out before activating the button. Google stores and analyses the data of our users (even if they are not logged in) as user profiles.
With respect to transfers to the United States, Google has agreed to sign and abide by the EU standard contractual clauses.
6. DIRECT COMMUNICATION WITH THE CUSTOMER
When our customers contact us (e.g. by phone, email or chat) or when we contact them directly, we process the personal data necessary for that contact. We also process personal data when our customers visit our premises. In this case, our customers may be asked to provide their contact details before they arrive or to leave them at reception. We will retain this information for a period of time to protect our infrastructure and your information.
To organise conference calls, online meetings, video conferences and/or webinars (“online meetings”), we use the “Zoom” service or “Microsoft Teams” (and similar programs). In particular, we process the following information
– Contact information (e.g. name, first name, address, telephone number, email address),
– Secondary communication data (e.g. IP address, duration of communication, communication channel),
– Recording of conversations, e.g. videoconferences,
– Other information that the user uploads, provides or creates while using the videoconferencing service, as well as metadata used to maintain the service provided. For more information about the processing of personal data by “Zoom” or “Microsoft Teams” (and similar programs), please refer to the privacy policies of these services,
– Personal information (e.g., occupation, position, title, employer’s company),
– Time and purpose of your visit.
We process personal data for the purposes described on the basis of the following legal bases:
– Fulfilment of a contractual obligation with or on behalf of the data subject, including the preparation of the contract and its possible execution (provision of a service),
– Safeguarding of legitimate interests (e.g. security, traceability and processing and management of customer relations).
7. VIDEO SURVEILLANCE
The video surveillance system consists of cameras installed both inside and outside the building. Only video images within the premises are recorded, in particular in the following areas
– Car park and garage;
– Main entrance and secondary entrances to our offices.
All video surveillance is indicated in an appropriate place (by a camera symbol). The video surveillance system collects movement data. This data is not stored together with other personal data of the person concerned.
The processing of visitor and video surveillance data serves to reduce, avoid and prevent criminal offences, to investigate criminal offences and other serious infringements, to enforce the right of residence and to protect property.
8. NEWSLETTER
If our customers subscribe to our newsletter, we use their e-mail address and other contact data to send out the newsletter. Our customers can unsubscribe from the newsletter at any time.
9. WHO DO WE SHARE CUSTOMER INFORMATION WITH?
Our Companies will not use or disclose the personal data of their clients unless they have a legal basis and/or express authorisation to do so in the context of the execution of the mandate entrusted to them. Therefore, personal data will not be disclosed to third parties unless this is necessary for the execution of the mandate.
We enter into contracts with service providers who process personal data on our behalf. By signing these contracts, they agree to guarantee data protection. Most of our service providers are based in Switzerland or the EU. Should data be transferred to other countries where the level of data protection is insufficient, this will be done on the basis of the EU standard contractual clauses or other appropriate instruments.
10. HOW DO WE STORE OUR CUSTOMERS’ PERSONAL INFORMATION?
Our Companies have implemented technical and organisational safeguards to protect customer information from unauthorised access, collection, use, disclosure, copying, modification, sale or other similar risks.
All of our customers’ personal digital information is stored electronically in a firewall-protected database. Our services are hosted in a secure server environment that uses a firewall and other advanced technologies to prevent outside interference or access.
All of our customers’ physical personal information is stored and protected from outside access.
11. HOW LONG ARE OUR CUSTOMERS’ DATA KEPT?
We process and store our customers’ data for as long as is necessary to fulfil our contractual and legal obligations or to achieve the purposes for which the data is processed, e.g. for the duration of the entire business relationship, and beyond that in accordance with statutory retention and documentation obligations. As soon as our customers’ personal data is no longer required for the above-mentioned purposes, it will be deleted or, where possible, rendered anonymous.
12. WHAT RIGHTS DO OUR CUSTOMERS HAVE REGARDING THEIR DATA?
Our customers may contact the data controller of our Companies at the following address: contact@fiduciaire-favre.ch (specifying “Data Protection” in the subject line).
Our customers have the right to request access to their personal data, to know how our Companies use it and to whom it is disclosed, subject to the exceptions provided for in the Federal Data Protection Act. Any request for access must be made in writing to the above email address and must include sufficient detail to identify the personal data sought.
Our customers also have the right to ensure that their data is accurate. Any request for correction of data must be made in writing and must include sufficient detail to identify the data for which correction is requested.
Finally, our customers have the right to request the deletion of data relating to them, subject to legal retention periods. Any request for deletion must be made in writing and contain sufficient detail to identify the data that is to be deleted.
13. CHANGE TO THIS DATA PROTECTION DECLARATION
We reserve the right to change this policy at any time.
Lausanne, February 2024.