2      What data do we process about you?

We collect the following data directly from you:

• Identity (first name, last name, date of birth, gender). This data is kept for 10 years after the end of the contractual relationship for legal reasons or for evidentiary purposes pending the expiry of the applicable limitation periods.
• Contact details (postal address, email address, telephone number). This data is retained for 10 years after the end of the contractual relationship for legal reasons or for evidentiary purposes pending the expiry of the applicable limitation periods.
• Invoicing (amount and due date of invoices, reminders, supporting documents). This data is kept for 10 years after the end of each financial year, in accordance with art. 958f CO.
• Correspondence (email exchanges, telephone reports, postal mail). This data is kept for 10 years after the end of the contractual relationship for legal reasons or for evidentiary purposes pending the expiry of the applicable limitation periods.
• Technical data (IP address, MAC address, timestamp). This data is kept for 12 months after its collection for technical and security reasons of our IT installations.

We also collect the following data from third parties:

• Financial situation (solvency score). This data is purchased from Swiss companies active in assessing the solvency level of legal entities. It is kept for evidentiary purposes for the entire duration of the contractual relationship, but for a maximum of 5 years after its collection.
•  

3      For what purposes do we process your data?

We process your personal data in order to:

• to enter into contractual relationships and perform them in accordance with the provisions set out in the contracts;
• communicate with you by any appropriate means of communication in order to answer your questions regarding our services, offer you our services and assistance, and record claims and complaints;
• send you commercial or promotional communications (marketing) through the channels you have chosen where applicable, carry out profiling combining different personal data in order to better understand your interests and preferences among our products and services; certain processing for marketing purposes involves communicating your data to contractual partners; you can object at any time free of charge to processing for marketing purposes;
• communicate your data to our contractual partners so that they can contact you, if you consent to this in advance;
• improve our services, products and business activities through market research and satisfaction surveys;
• plan our business activities;
• carry out statistics;
• verify that our activities comply with applicable legislation as well as our internal regulations;
• analyze risks, detect abuses, implement security measures and monitor that these measures are effective;
• respond to your questions and requests relating to data protection, in particular when you wish to exercise one of your rights provided for by law.

4      What legal bases are used to process your data?

Most of the processing we carry out is strictly necessary for the conclusion, execution and liquidation of contracts with you. Without this processing, we cannot guarantee the services we undertake to provide under the contracts.

Other processing is based on our legitimate interest or that of a third party. This is the case in particular for processing for marketing, security, statistical and market research purposes. The same applies to the defense of our interests in court and the management of disputes, in particular those that do not have a contractual basis.

Certain processing operations may be required by Swiss or foreign legislation. If they are not directly imposed by law, they will be based on our legitimate interest in complying with the legal provisions applicable to us.

Your consent will also serve as a basis when it is necessary (e.g. for certain processing operations for marketing purposes). In this case, we will inform you specifically about the processing operations requiring your consent and you will remain free to give it or not. We will inform you of the consequences if you refuse to give your consent. When you give your consent, you remain free to withdraw it at any time, without justification and in a simple manner. The withdrawal is valid for the future and does not retroactively affect the processing operations carried out up to the withdrawal. The processing subject to the withdrawal of consent will stop immediately unless it can be continued by means of another legal basis (e.g. our legitimate interest).

5      Do we make automated individual decisions about you?

In the context of the conclusion or execution of the contract, no automated individual decision (without human intervention) is taken with regard to you.

6      Is your data used for profiling operations?

As indicated among the purposes of the processing implemented, we carry out profiling activities concerning you using all the data at our disposal (basic data, contractual data, data relating to your preferences and behavior, etc.). The profiling implemented serves to better understand your interests.

7      Who do we share your data with?

In the context of the contractual relationship that binds you to us and the other purposes mentioned in figure3above, we are required to communicate all or part of your data to the following recipients:

• Companies of the GCH Governance Consulting Holding SA group. These companies process the data that we communicate to them for the same purposes as those mentioned in figure3above.
• Contractual partners. We work with partners to provide you with the services provided for in the contracts that bind us to you. We therefore only communicate to them the personal data concerning you that is absolutely necessary for the provision of their services.
• Service providers. We work with various service providers who enable us to implement certain data processing operations and carry out certain activities. These include IT service providers, address verification services, debt collection services, transport companies, advertising agencies, cleaning services, financial service providers (e.g. banks, insurers, financial intermediaries, online payment services). These service providers may act on our instructions as processors, as joint controllers if they work directly with us on certain processing operations, or as independent data controllers if we communicate the data to them so that they can process it for their own purposes.
• Authorities. When we are required to do so by law, when we have the right to do so or when it is necessary to protect our interests, we communicate personal data about you to Swiss or foreign authorities.

When we communicate your data to recipients who act as processors, we check whether they also communicate data to third parties and require guarantees for these communications, in particular as to their necessity and security. If necessary, we will restrict the processing of your data by some of our processors. However, these checks and restrictions cannot be implemented with regard to certain recipients acting as independent data controllers, in particular the authorities.

8      Do we transfer your data abroad?

We work as far as possible with service providers and partners located in Switzerland. When this condition is not feasible, we work with service providers and partners who are not located in Switzerland. We therefore transfer certain personal data to them when this transfer is necessary for the purposes described in section3above and that it complies with the applicable legal framework.

We also use IT services from foreign providers. We endeavour to store data in Switzerland, but this may not be possible. In this case, we give preference to countries in the European Economic Area and countries offering an adequate level of protection.

We will transfer personal data:

• Switzerland, because we are economically active there,
• European Community, United States, for technical or operational reasons,
• Rest of the world, because we may use service providers or partners located in these countries when an optional service that you wish to obtain requires it,

With regard to the transfer of data to countries that do not offer an adequate level of protection, we have obtained from our partners and service providers that they undertake to comply with the standard contractual clauses of the European Union, where appropriate with additional measures. You can obtain more information on these guarantees by contacting our Data Protection Officer.

We also remind you that due to the technical rules related to the operation of the network, the transmission of personal data via the Internet between persons or entities located in the same country may transit through other countries. These transits are beyond our control.

9      How long do we keep your data?

We process your personal data for as long as the purposes of each processing require it. These purposes include legal retention obligations as well as retention periods that we have defined ourselves in order to protect our own interests (corporate governance, documentation and safeguarding of means of proof). In all cases, when all retention periods have expired, your personal data is anonymized or destroyed.

Specific retention periods have been indicated in the figure2above for each category of personal data. These periods may however be extended for technical reasons when the data in question ends up in our long-term backup system. In this case, we take all security measures to restrict access to the backups to a very limited number of people and to limit the processing of the data to simple storage. We also undertake to irretrievably destroy the data in the backups as soon as this proves technically possible.

10  How do we protect your data?

The technical, organizational and legal measures necessary to preserve the security and confidentiality of your personal data are taken based in particular on the risks presented to you by the processing carried out and the sensitive or non-sensitive nature of the data concerned.

We are constantly striving to improve these measures in order to preserve the security of your personal data.

11  What are your rights regarding the protection of your data?

Your rights regarding your personal data include those to:

• ask us for information about your personal data that we process and a copy of said data;
• ask us to correct or complete incorrect or incomplete data;
• ask us to delete your data, unless for example a legal basis or our legitimate interest requires or allows us to keep your data for longer;
• ask us to limit the processing of your data;
• notify us at any time of the revocation of your consent to the data processing for which your consent has been requested;
• notify us at any time of your opposition to the processing of your personal data for promotional and advertising purposes;
• notify us at any time of your objection to any other processing, unless for example a legal basis or our legitimate interest requires or authorises us to continue the processing;
• ask us for your data in a portable format when the processing of your data is done by automated means, on the basis of your consent or a contract 
• ask us to express your point of view in the event of an automated individual decision and to have the decision reviewed by a human being;
• contact our data protection officer/delegate, the PFPDT (when the processing falls under the LPD) or a supervisory authority of an EEA country (when the processing falls under the GDPR) when you wish to contest the way we process your data or your request to exercise your rights, respectively to file a complaint or a complaint.

We will inform you of any conditions or restrictions that may apply to the exercise of your rights.

You can exercise your rights by contacting us directly (see figure1above). We reserve the right to request additional data in order to identify you, in particular by means of a copy of a valid official identity document. To facilitate the processing of your request, we also ask you to indicate precisely which right(s) you wish to assert, and their extent.

In order to limit paper waste when you request a copy of your personal data, we will make them available to you in digital format. In addition, please note that under the applicable legal provisions, we may ask you for a fair financial contribution (maximum CHF 300) if your request entails disproportionate efforts. You will be informed of this in advance in order to allow you to take a position.

12  When do we update this statement?

This statement may be updated at any time. The version published here on our website is the most recent and authoritative version. It replaces all general data protection clauses that were previous or contradictory to this statement.

Last updated: 29.01.2025

Summary of latest changes:

• Original document François Charlet under CC BY 4.0 license modified Syslog Informatique SA
• initial version 1.0