With this data protection declaration, PRÜFAG Audit Ltd and PRÜFAG Lohnbuchkontrollen AG (hereinafter referred to as «PRÜFAG», «we» or «us») explain to their clients, users, business partners, applicants, authorities, and other persons involved («you») how personal data is collected and processed in the company. Responsible handling of your personal data is very important to us.
You may only disclose personal data of third parties to us if you are authorised to do so and the personal data is correct. We ask you to ensure that the persons concerned are aware of this privacy policy.
We use the feminine and masculine form alternately in this data protection declaration. The respective designation also includes all other gender designations.
We may amend this privacy policy at any time and without prior notice. The current version published on our website applies at all times.
The responsibility for the content of this privacy policy and for the data processing described lies with:
PRÜFAG Audit Ltd
PRÜFAG Lohnbuchkontrollen AG
Am Schanzengraben 23
8002 Zurich
Switzerland
E-mail: info@pruefag.ch
Phone: +41 44 533 76 00
For natural persons with simple residence in countries of the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as well as for the country-specific supervisory authorities provided for under the GDPR, we designate the following person as EU Data Protection Representative pursuant to Art. 27 GDPR:
VGS Data Protection Partner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
E-mail: info@datenschutzpartner.eu
By way of introduction, we would like to clarify the most important terms used in the following for better understanding. In this regard, we generally adhere to the definitions from the Swiss Federal Act on Data Protection.
This Privacy Policy complies with the requirements of the Swiss Federal Act on Data Protection («FADP») and the associated Ordinance («FODP») as well as the General Data Protection Regulation of the European Union («GDPR»). The type and scope of the applicable legislation depends on the individual case. Foreign data protection law shall only be applied insofar as this is mandatory under the applicable law and only for the data processing operations and persons affected by it.
We comply with the applicable data protection regulations when processing personal data.
The processing of personal data must not unlawfully infringe the personality of the persons concerned. For this reason, such data processing must comply with the processing principles of data protection law and/or must be legitimised by a justification. In particular, we are legitimised to process personal data if the processing:
Depending on the services you use and the respective relationship between you and us, we process the following categories of personal data in particular:
Within the scope of application of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in processing the enquiries addressed to us or based on your consent (Art. 6 para. 1 lit. a GDPR). The consent can be revoked at any time with effect for the future.
To a large extent, we collect personal data directly from you as the data subject. This includes in particular master data, contractual data, communication data and marketing data. The collection of such personal data takes place in the context of the initiation and processing of business relationships and the use of our services. If you provide us with data on other persons (e.g. family members, business colleagues, employees), you must ensure that you are authorised to do so and that the data is correct. In addition, the persons concerned must be made aware of this data protection declaration in advance.
We may also collect personal data about you ourselves or automatically or derive it from existing data. This includes in particular behavioural and transaction data as well as technical data.
Finally, we also collect personal data from third parties to the extent permitted by law. Such third parties include, in particular, persons from your environment, business partners, employers, insurance companies, banks, authorities, official agencies, courts, parties and their legal representation in the context of legal disputes, etc. In addition, we may also collect personal data from public sources (e.g. credit agencies, social media).
We process the collected data in order to fulfil our legal and contractual obligations towards you and third parties. This includes, in particular, the initiation (incl. contact requests), administration and processing of contractual relationships.
We also process the data collected to ensure communication with you, to provide and improve the services you have requested, to manage your use of and access to our services, to maintain our business relationship with you, to carry out advertising and marketing activities (where we are authorised to do so, e.g. by obtaining your consent), to monitor and improve the performance of our services, to enforce or defend against legal claims, to identify, prevent or investigate illegal activities, to comply with laws and recommendations of domestic and foreign authorities and internal regulations («Compliance») and to manage risk. We also use this data to generally guarantee our operations (in particular IT, website, etc.) and to ensure administrative processes (e.g. data archiving, accounting, master data maintenance, quality assurance).
We process your personal data for as long as we are legally obliged to do so (e.g. storage and archiving obligations) or our legitimate business interests require this (e.g. enforcement or defense of claims, guaranteeing IT security) or as long as the purpose of the collection of your data makes it necessary or the storage is technically required. In the case of contracts, the data is generally stored for the duration of the contractual relationship as well as for the statutory retention periods beyond this (generally 10 years).
This may mean that your personal data or extracts thereof must be retained for several years after the contractual relationship between you and us has ended. If your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible.
In certain cases, based on your consent, we also keep your personal data for longer (e.g. job applications that we have pending).
To the extent legally permissible and necessary, we may also pass on certain personal data to third parties in the course of our business activities. These third parties process your personal data either on our behalf (order processor), under joint responsibility with us or on their own responsibility. These include, among others:
Where necessary, we have concluded corresponding order processing contracts with our service providers. In these contracts, they undertake to comply with data protection and data security regulations. Furthermore, they may only process personal data in accordance with our instructions. They also grant us comprehensive auditing and control rights as well as the right to information, correction and deletion.
We generally process and store personal data in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and recipients who are located outside this area or process personal data outside this area, in principle in any country in the world. In particular, you must expect personal data to be disclosed to all countries in which the service providers we use and their subcontractors (especially the USA) and group companies are located.
By taking appropriate measures, we ensure compliance with the legal requirements. Specifically, an adequacy decision by the competent authority is available. In the absence of such a decision, the personal data is transferred on the basis of appropriate safeguards (in particular standard contractual clauses approved by the European Commission and the Federal Data Protection and Information Commissioner [FDPIC]) or there are exceptions for certain situations (contract execution, law enforcement abroad, etc.) or we obtain your express consent.
To secure your data, we maintain technical and organisational security measures in accordance with the current state of the art.
Communication via our website is encrypted using the SSL/TLS encryption protocol. However, we would like to point out that even encrypted data transmission on the Internet always involves security risks. Complete protection of data against access by third parties cannot be guaranteed.
Provided that the requirements of the applicable data protection law are met and no legal exceptions apply, you generally have the following rights in connection with the processing of your personal data:
Please note that these rights may be restricted or excluded in specific individual cases (e.g. to protect third parties or business secrets).
For the purpose of asserting your data subject rights or if you have any questions regarding this data protection declaration and the processing procedures described therein, you can contact the data protection officers mentioned in sections 2 and 3 above.
If you believe that your data has been processed unlawfully, we would be grateful if you could contact us directly. Alternatively, you can file a complaint with the supervisory authority responsible for you. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). In the EU, the complaint must be submitted to the respective national data protection authority.
We host our website with a Swiss hosting provider based in Switzerland. With each visit to our website, the hosting provider automatically collects and stores information (server log files) that your browser transmits. This includes the name and URL of the file accessed, date and time, amount of data, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our offer) and the IP address. This usage data is used to detect technical problems, to ensure security and to statistically evaluate the use of our website and thus also to further develop our offer.
The above data will be processed by us for the following purposes:
Within the scope of application of the GDPR, the processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in accordance with the purposes listed above or your consent (Art. 6 para. 1 lit. a GDPR). The consent can be revoked at any time with effect for the future.
Our website uses the following cookies:
Our website contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices.
Our website uses Google Analytics, Google Maps and Google Fonts from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services (hereinafter «Google»).
In addition to the following explanations, you will find further information on data protection at Google in the Google data protection declaration: https://policies.google.com/privacy.
We have concluded an order processing contract with Google.
Within the scope of application of the GDPR, the processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing internet presence as well as in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
We use functions of the web analysis service Google Analytics on our website. Google Analytics uses so-called «cookies», i.e. text files that are stored on your computer and enable an analysis of your use of the website (cf. the above explanations under para. 14.2). The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area as well as Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The purposes of the data processing are to evaluate the use of the website and to compile reports on activities on the website. Other related services are then to be provided based on the use of the website and the internet.
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (incl. your IP address) and from processing this data by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics.
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
We use Google Maps on our website to display interactive maps and to create directions. When you call up a web page on our website that has Google Maps integrated, your browser establishes a connection with the Google servers. In addition, Google Maps sets cookies (cf. the above explanations under para. 14.2). By using Google Maps, various information (e.g. IP address, addresses entered, date and time of the website visit) can be transmitted to Google servers in the USA.
You can find more information about data processing by Google here: https://policies.google.com/privacy?hl=de. There you can also change your personal privacy settings in the privacy centre. Detailed instructions on managing your own data in connection with Google products can be found here.
General information on Google Maps can be found at: https://www.google.com/intl/de/maps/about/#!/.
On our website, we use Google Fonts for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq.
In the following, we would like to inform you about the most important cloud service providers we have used:
We accept applications by e-mail, LinkedIn or JobCloud (cf. also the above para. 15). If necessary, we also work with other external partners (e.g. job portals and employment agencies). Please also note the data protection information of these partners.
We treat your data as strictly confidential. Your personal data will only be passed on within our company to persons who are entrusted with processing your application.
We process the personal data sent to us as part of your application and the personal data collected as part of the application process insofar as this is necessary to decide on the conclusion and implementation of an employment contract. This includes:
We process your personal data in this regard for as long as is necessary for the decision on your application. It is deleted a maximum of six months after the end of the application process, unless longer storage is legally required or permitted or you have consented to longer storage.
If an employment relationship is established following the application process, your application documents will be transferred to your personnel file.
We maintain the publicly accessible profiles on social networks listed below. For this purpose, we may provide linked graphics to the respective networks on our website. By clicking on a corresponding graphic, you will be redirected to the selected social network. Once you have been redirected, the network collects and processes your information within the following framework.
By visiting our profiles on the social networks, personal data about you may be collected. For example, if you are logged into your accounts on the social networks and visit our profile at the same time, the portal operator may be able to assign this visit to your user account. However, even if you have logged out of your account or if you do not have an account with the respective portal, your personal data may be collected. Such data collection can occur, for example, through the setting of cookies. Based on the data collected in this way, the portal operators can create user profiles and show you interest-related advertising. You can find more information on this in the respective data protection declarations of the portal operators.
For the purpose and scope of the data collection and the further processing and use of the data by the respective social network, as well as your rights in this regard and setting options for protecting your privacy, please refer to the relevant data protection provisions of the respective social network.
Within the scope of the GDPR, the use of social networks is in the interest of an appealing presentation of our online offers, increasing our reach and promoting our products and services. This is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
We maintain a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. You can find more information on how XING handles your personal data in their privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. You can find more information on how LinkedIn handles your personal data in their privacy policy: https://www.linkedin.com/legal/privacy-policy.
LinkedIn uses advertising cookies. If you would like to deactivate them, please follow this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use Google My Business from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland («Google»).
When you visit and interact with our Google My Business listing, Google also collects your IP address and other information that is collected in the form of cookies on your terminal device. This information is collected for statistical purposes. The data collected about you in this context will be processed by Google and may also be transferred to the USA in the process. The use of Google My Business is your own responsibility.
You can find further explanations in the Google privacy policy: https://policies.google.com/privacy.