Executive Summary
The main principles of our Privacy Policy are summarized here. The full legally binding text can be consulted below.

Data Controller: Konfidens Consulting AG
Hagenholzstrasse 83b - 8050 Zürich - Switzerland (CHE-213.325.889).

Contact
You can contact us in case of questions dataprivacy@konfidens.ch

Right to Access
You have the right to access your data.

Request deletion
You have the right to request deleting/amending of your personal data.

Data sharing
We only share data with third parties when we are permitted to do so.

Data collection
We only collect data for agreed purpose.

Data retention period
We retain data in principle for 12 years

Protection minors
We promise not to intentionally collect data of anyone under the age of 16.

Swiss supervisory authority
You can complain to the Swiss supervisory authority: Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1, 3003 Bern Switzerland https://www.edoeb.admin.ch/edoeb/en/home.html
Introduction
In this Privacy Policy, ‘Konfidens’, ‘we’ or ‘us’ refers to Konfidens Consulting AG. Konfidens is strongly committed to protecting personal data. As part of this commitment to privacy, Konfidens regularly reviews its data protection practices to comply with applicable laws, industry standards and best practices. This Privacy Policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this Privacy Policy or as otherwise stated at the point of collection. Please note that this Privacy Policy serves as a general overview and data subjects are informed specifically about their rights and the use of their data at the point of collection.
This Privacy Policy is based, in particular, on the EU’s General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is of significant relevance to us. The Swiss Federal Act on Data Protection (FADP) is heavily influenced by EU law, and companies outside the European Union and the European Economic Area must comply with the GDPR under certain circumstances.
Personal data are any information relating to an identified or identifiable living person. Konfidens processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure and retention periods may differ for each of these purposes
Data controller and contact information
The data controller in accordance with art. 4 (7) GDPR is Konfidens Consulting AG (CHE-213.325.889).
We have appointed a Data Protection Officer in accordance with art. 37 GDPR. If you have any questions about this Privacy Policy or about how and why we process personal data, please contact our Data Protection Officer at:
Data Protection Officer
Konfidens Consulting AG
Hagenholzstrasse 83b
8050 Zürich
Email: dataprivacy@konfidens.ch.
Modifications to this Privacy Policy
Konfidens reserves the right to modify or amend this Privacy Policy at any time by publishing an updated version here. The current version of the Policy shall be accessible on this website. This Privacy Policy was last updated on 24 June 2020.
Individual’s rights
Access to personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at dataprivacy@konfidens.ch We may charge for a request for access in accordance with applicable law. We aim to respond to any requests for information promptly and, in any event, within the legally required time limit.
Amendment of personal data
To update personal data submitted to us, you may email us at dataprivacy@konfidens.ch. When feasible in practice, once we are informed that any personal data processed by us is no longer accurate, we shall make appropriate corrections based on your updated information.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time.We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at dataprivacy@konfidens.ch or, to stop receiving an email from a Konfidens marketing list, please request to ‘unsubscribe’.
Erasure/deletion of personal data
You have the right to request that Konfidens deletes your personal data if there is a legally relevant reason. To request the deletion of your personal data, please send an email to dataprivacy@konfidens.ch together with the reasons why you wish us to delete the data. We shall inform you of the outcome of your request.
Right to lodge a complaint with a supervisory authority
In accordance with art. 77 GDPR, you have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern Switzerland
https://www.edoeb.admin.ch/edoeb/en/home.html
Other data subject rights
As well as the rights referred to above, individuals may have other rights in relation to the personal data we hold, such as the right to restrict or object to our processing of personal data and the right to data portability. If you wish to exercise these rights, please send an email to dataprivacy@konfidens.ch.
Third parties
We shall only share personal data with others when we are legally permitted to do so. When we share data with others, we put arrangements in place to protect the data and to comply with our data protection, confidentiality and security standards.
The transfer of personal data may be possible to:
- Third party organisations that provide applications/functionality, data processing or IT services to us.
- We use third parties to support us in providing our services and to help provide, run and manage our IT systems. Konfidens shall take appropriate precautions to maintain confidentiality and to protect data.
- Third party organisations that otherwise assist us in providing goods, services or information.
- Auditors and other professional advisers
- Law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable laws or regulations
- Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable laws and regulations, to investigate an alleged crime or to establish, exercise or defend legal rights. We shall only fulfil requests for personal data where we are permitted to do so in accordance with applicable laws or regulations.
Stakeholders
In the following sections, we take a detailed look at the stakeholder groups from which we could process personal data as part of their use of this website or other internet-based channels. Please note that other stakeholders whose personal data are processed (e.g. partners and staff, suppliers) are informed of the use of their data and all other legally required information at the point of collection. To find out more, please go to the section(s) of this Privacy Policy applicable to you.
Corporate clients (and individuals associated with our corporate clients)
We only collect the personal data necessary for agreed purposes and we ask our clients to share personal data with us only if it is necessary for those purposes. Where we need to process personal data to provide professional services, we ask our clients to provide the data subjects with the necessary information regarding its use. Our clients may use relevant sections of this Privacy Policy or refer data subjects to this Privacy Policy if they consider it appropriate to do so.
Depending on the services that we provide to clients, we could process many categories of personal data, including:
- contact details;
- business activities;
- information about management and employees;
- payroll and other financial- and tax-related details;
- internal processes and procedures;
- corporate IT systems; and
- investments and other financial interests.
Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client. Only the persons performing the processing activities have access to these personal data. In this way, the data are treated as highly confidential within Konfidens.
Purposes of processing personal data
Initiating and fulfilling contracts
Konfidens processes personal data to carry out pre-contractual measures (such as preparing an offer, conducting internal pre-contractual compliance checks or creating a contract) and to provide the contractually agreed services, including the administrative execution and billing of the order. The legal basis for the processing is art. 6 (1) lit. b GDPR. In this context, the contact data are processed in particular, such as name, address, telephone number and email address.
Konfidens uses IT systems in which personal data are stored and managed for the processing of order enquiries and orders.
No automated decision-making or profiling is undertaken.
The length of time that personal data are retained is determined by the data processing described below for the purpose of file management, documentation and archiving.
If the data subject has not contracted Konfidens as a person, we could receive the contact details from the employer, i.e. our client. In this case, the personal data shall be processed on the basis of art. 6 (1) lit. f GDPR, as there is a legitimate interest in processing. On the basis of a contract with our client, Konfidens is subject to an obligation to provide the service for which it is commissioned. In order to be able to provide this service, it is necessary to process the data of the contact persons and persons with responsibility at the client. This constitutes a legitimate interest of Konfidens in the processing of these data. Accordingly, the same applies when preparing a proposal for the provision of services.
Please note that, in accordance with Konfidens’s General Terms and Conditions of Business, the client is obliged to cooperate in providing Konfidens with all documents and information necessary for the execution of the contract. If and to the extent that the necessary information is not provided, Konfidens will not or only to a limited extent be able to process the client’s order and provide the agreed service.
Security, quality and risk management activities
We have security measures in place to protect our and our clients’ information (including personal data. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures, we carry out searches using publicly available sources (e.g. the internet and sanctions lists) to identify politically exposed persons and individuals and organisations involving heightened risk. Such searches are used to check there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions –including in respect of company directors – or conduct or other reputational issues).
Providing our clients with information about us and our range of services
Konfidens also uses contact data (in particular, name, address, email address) to obtain customer feedback or to provide the client with information on other offers, services or events.
This processing is carried out on the basis of a legitimate interest of Konfidens in accordance with art. 6 (1) lit. f GDPR. There is a legitimate economic interest in informing Konfidens’s customers and clients about offers and events of our own in order to establish and maintain a long-term customer relationship.
Complying with any requirement of law, regulation or a professional body of which we are a member
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
Management of business contacts
If Konfidens has received contact data within the framework of a business event, within the framework of a business appointment (e.g. by exchanging business cards) or within the framework of an order, we also use these contact data (in particular, name, address, email address) to maintain our business contacts. For this purpose, we transfer the contact data into the customer relationship management (CRM) systems used by us.
This processing is carried out on the basis of a legitimate interest of Konfidens in accordance with art. 6 (1) lit. f GDPR. Konfidens has a legitimate economic interest in maintaining contacts established in the course of business transactions beyond the initial contact and in using them to establish a business relationship and to remain in contact with those affected for this purpose.
We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, to provide insights to our clients, to improve our business, service delivery and offerings and to develop new technologies and offerings.
Data retention
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable laws or regulations).
Our baseline retention period is 12 years for records and other documentary evidence created in the provision of services, in the absence of specific legal, regulatory or contractual requirements.
Konfidens is legally obliged to keep records properly and to document its mandates and orders extensively. These files and the documentation must also be kept and stored after completion of an order or mandate for retention periods specified by law. In addition, Konfidens is subject to further statutory documentation and storage obligations, which are based, among other things, on tax, accounting or commercial and corporate law requirements for companies.
The documents to be recorded, the results of the work and the associated client-related correspondence also contain personal data, so that these are also part of file management and archiving.
The record keeping, documentation and archiving of client documents at Konfidens is performed electronically in the IT systems of Konfidens and, in some cases, in the form of paper files.
This processing is carried out on the basis of art. 6 (1) lit. c GDPR. With its file management, documentation and archiving, Konfidens fulfils the legal obligations of professional law, tax law and commercial and corporate law, among others.
Personal clients
If a natural person is a customer of Konfidens, other personal data are processed within the scope of order processing, insofar as this is required for the provision of the service agreed with the client. For this purpose, we shall process, in particular, bank data and payment data, as well as further information on personal, professional and financial circumstances, where applicable, insofar as these play a role in the fulfilment of the order by Konfidens and the client provides us with this information in accordance with the order concluded with Konfidens.
The processing of such personal data by Konfidens is carried out on the legal basis of art. 6 (1) lit. b GDPR, as the data processing is necessary for the fulfilment of the contract concluded between the client and Konfidens.
Given the diversity of the services that we provide to clients, we process many categories of personal data, including:
- contact details;
- business activities;
- family information;
- income and other financial related details; and
- investments and other financial interests.
Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client. Only the persons performing the processing activities have access to these personal data. In this way, the data are treated as highly confidential within Konfidens.
Purposes of processing personal data
We only collect the personal data necessary for agreed purposes and we ask our clients to share personal data with us only if it is necessary for those purposes. Where we need to process personal data to provide professional services, we ask our clients to provide the data subjects with the necessary information regarding its use.
Security, quality and risk management activities
We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored in the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures, we carry out searches using publicly available sources (e.g. the internet and sanctions lists) to identify politically exposed persons and individuals and organisations involving heightened risk. Such searches are used to check there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions –including in respect of company directors – or conduct or other reputational issues).
Providing our clients with information about us and our range of services
With or without consent, in accordance with applicable law, we use client contact details to provide clients information that we believe to be of interest about us and our services; for example, industry updates and insights, other services that may be relevant and invitations to events.
Complying with any requirement of law, regulation
As with any provider of professional services, we are subject to legal, regulatory and professional obligations.We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, to provide insights to our clients, to improve our business, service delivery and offerings and to develop new technologies and offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we shall de-identify the data prior to using the information for these purposes.
Data retention
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable laws or regulations).
Our baseline retention period is 12 years for records and other documentary evidence created in the provision of services, in the absence of specific legal, regulatory or contractual requirements.
Others who get in touch with us
We collect personal data (such as name, contact details and contents of the communication) when an individual gets in touch with us with a question, complaint, comment or feedback. In these cases, the individual is in control of the personal data shared with us and we shall only use the data for the purpose of responding to the communication.
Other visitors to our website
The data controller collecting the data provided by a visitor to this website is Konfidens Consulting AG.Personal data collected may be transferred to business partners in connection with the purpose for which the visitor has submitted the information. By submitting data on this website, a visitor provides explicit consent to the use of the data in accordance with this Privacy Policy, including the possible cross-border transmission of data collected on the website in order to fulfil the voluntarily submitted request.
Data collection
We collect only personally identifiable information provided specifically and voluntarily by visitors to this website. Konfidens receives limited identifiable information (such as name, title, company address, email address, telephone and fax numbers) from website visitors. Typically, identifying information is collected in order to:
- subscribe to updates;
- inquire after further information;
- distribute requested reference materials;
- administer and manage our website, including confirming and authenticating identity and preventing unauthorised access to restricted areas, premium content or other services limited to registered users; and
- aggregate data for website analytics and improvements.
Although most publications are provided as downloads, visitors may also have the opportunity to purchase Konfidens publications online. We collect order information and a customer’s credit card information, where applicable, in order to facilitate shipment and payment of the publication.
Visitors are also able to send emails via the site. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.
Konfidens’s intention is not to seek any sensitive information through our website unless legally required for recruiting purposes. Sensitive information includes a number of types of data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life or criminal records. We suggest that you do not provide sensitive information of this nature. If you do wish to provide sensitive information for any reason, Konfidens assumes your explicit consent to use that information in the ways described in this Privacy Policy or as described at the point where you choose to disclose this information.
Unless we are asked not to, we may also use your data to contact you with information about Konfidens’s business, services and events, and other information that may be of interest to you. Should visitors subsequently choose to unsubscribe from mailing lists or revoke their registration, we provide instructions on the related webpage or in our communication to the individual, or the individual may contact us by email at dataprivacy@konfidens.ch.
Purposes of processing personal data
When a visitor provides personal information to us, we use it in connection with the purposes for which it was provided to us, as stated at the point of collection (or as obvious from the context of its collection). A user may choose to provide personal information in the context of the following, among others:
- Ordering publications
- Submitting resumes or work history information
- Participating in ‘join our mailing list’ initiatives
- Participating in bulletin boards, discussion or message forums
- Contacting us for further information
- Filling out quick surveys, quizzes or benchmarking surveys
- Registering for events and conferences.
The data are not shared with other entities in the network for secondary or unrelated purposes, or shared with a third party other than as described in this Privacy Policy or otherwise disclosed at the point of collection. If there is an instance where such information may be shared, the visitor shall be asked for permission beforehand.
Konfidens makes every practical effort to avoid excessive or irrelevant collection of data. If a visitor believes the site has collected excessive information, we encourage the visitor to contact us atdataprivacy@konfidens.ch to raise any concerns.
Except for the mailing list initiative described above, where visitors explicitly choose to receive specific marketing or other materials, Konfidens shall not use personal data collected from our websites to facilitate unsolicited marketing activities.
Cookies and log files
Cookies may be used on some pages of our site. Cookies are small text files placed on your hard drive that assist us in providing a more customised website experience. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area. It is Konfidens’s policy to use cookies to make navigation of our websites easier for visitors and to facilitate efficient registration procedures. Site statistics are compiled by third parties and therefore your IP address will be passed to third parties for statistical reporting only.
If you are concerned about cookies, most browsers permit individuals to decline them. In most cases, a visitor may refuse a cookie and still be able to navigate our websites; however, other functionality on the site may be impaired. After ending a visit to our site, users can delete the cookie from their systems if they so wish.
To manage our website properly, we may anonymously log information on our operational systems and identify categories of visitors by aspects such as domains and browser types. These statistics are reported in aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.
Full details on the cookies used on our website can be found on the website when your consent is requested for such cookies.
Data retention
Some of the information we receive is not retained. Contact information about visitors (such as information generated though registration for access to areas on the site) shall be kept as long as the information is required to service the contact request or until a user requests that we delete that information. Mailing list information, discussion posts and emails are kept for only the period of time considered reasonable to facilitate the visitor’s requests.
When Konfidens retains personally identifiable information, Konfidens assumes responsibility for keeping an accurate record of the information once a visitor has submitted and verified the data. Konfidens does not assume responsibility for verifying the ongoing accuracy of the content of personal information. When feasible in practice, if Konfidens is informed that any personal data collected through a website are no longer accurate, Konfidens shall make appropriate corrections based on the updated information provided by the authenticated visitor.
User updates of information should be handled by going back through the registration process. Inquiries about the accuracy of identifying information previously submitted to Konfidens through its websites, or requests to have outdated information removed, should be directed to dataprivacy@konfidens.ch. Konfidens is committed to providing reasonable and practical access to visitors to allow them the opportunity to identify and correct any inaccuracies. When requested and practical, Konfidens shall delete identifying information from current operational systems.
Third party links
In several places, konfidens.ch may link to other websites that do not operate under the privacy practices of konfidens.ch.
If visitors follow links to other websites, Konfidens’s privacy practices no longer apply. We encourage visitors to review each site’s Privacy Policy before disclosing any personally identifiable information.
Choices
As policy, visitors are not required to register to gain access to the areas of Konfidens website. In certain cases, as a visitor’s Konfidens website experience expands, we may require in the future that a visitor register in order to obtain a user ID and password for authentication and secure access to a transaction or to certain confidential business or proprietary information services on premium websites.
Personally identifiable information provided to Konfidens through its websites is provided voluntarily by visitors. Should visitors subsequently choose to unsubscribe from mailing lists or revoke their registration, we provide instructions on the related webpage or in our communication to the individual, or the individual may contact us by email at dataprivacy@konfidens.ch.
Children
Konfidens understands the importance of protecting children’s privacy, especially in an online environment. Our website is not intentionally designed for or directed at children 16 years of age or younger.
It is Konfidens’s practice never knowingly to collect or maintain information about anyone under the age of 16.