In this privacy statement, we, FISCOM Treuhand GmbH (hereinafter referred to as FISCOM Treuhand GmbH, we or us), describe how we collect and process personal data. This data protection declaration does not represent a conclusive description; other declarations relating to data protection may regulate specific matters. For the purposes of this data protection declaration, personal data means all information that relates to an identified or identifiable person. 

1. Responsible party and contact

Responsible for the data processing we describe here is FISCOM Treuhand GmbH, unless otherwise stated in individual cases. Inquiries regarding data protection can be addressed to us by letter or e-mail, enclosing a copy of the user’s ID or passport for identification purposes: :

FISCOM Treuhand GmbH, Bahnhofstrasse 1, 6341 Baar / Tel: +41 (0) 41 768 03 03 / mail@fiscom.ch.

2. Collection and processing of personal data

We process personal data in the following categories of processing in particular.

• Customer data of customers for whom we provide or have provided services.
• Personal data that we have received indirectly from our customers in the course of providing services.
• When visiting our website
• When we communicate or a visit takes place.
• In the case of other contractual relationship, e.g. as a supplier, service provider or consultant.
• For job applications
• When we are required to do so for legal or regulatory reasons.
• When we are performing our due diligence or other legitimate interests, for example, to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights.

More detailed information can be found in the description of the respective categories of processing in section 5 et seqq.

3. Categories of personal data

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people who have a relationship with you. This information may also be sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process it:

• Contact information (e.g., last name, first name, address, phone number, email).
• Customer information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number)
• Risk assessment data (e.g. credit rating information, commercial register data)
• Financial information (e.g. data on bank details)
• Mandate data, depending on the mandate (e.g. tax information, statutes, minutes, projects, contracts, employee data (e.g. salary, social security), accounting data, beneficial owners, ownership)
• Website data (e.g. IP address, device information (UDI), browser information, website usage (analysis and use of plugins, etc.)
• Job application data (e.g., resume, employment references)
• Security and network data (e.g. visitor lists, access controls, network and mail scanners

To the extent permitted, we also take certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people close to you (family, advisors, legal representatives, etc.) give us so that we can conclude contracts with you. ) so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney), information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made), information from the media and Internet about you (where this is appropriate in a specific case, e.g. as part of a job application, etc.). your addresses and, if applicable, interests and other sociodemographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

4. Purposes of data processing and legal basis

4.1    Provision of services

We primarily process the personal data that we receive from our clients and other business partners in the course of our client relationships and other contractual relationships with them and other persons involved in them.

The personal data of our customers is in particular the following information:

• Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information).
• Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances, etc.)
• Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialized databases, data from the Internet)
• Financial information (e.g. data on bank details, investments or shareholdings)
• Mandate data, depending on the mandate, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social security), accounting data, etc.
• Particularly sensitive personal data: These personal data may also include personal data requiring special protection, such as data on health, religious beliefs or social assistance measures, especially if we provide services in the area of payroll processing or accounting.

We process this personal data for the described purposes based on the following legal bases:

• Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (e.g., consulting, fiduciary services)
• Fulfillment of a legal obligation (e.g., if we are performing our duties as an accounting office or are required to disclose information)
• Safeguarding legitimate interests, (e.g., for administrative purposes, to improve our quality, ensure safety, manage risk, enforce our rights, defend against claims, or to review potential conflicts of interest)
• Consent (e.g., to send them marketing information).

4.2    Indirect data processing from service provision

When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contacts, family members or persons who have a relationship with the customers or data subjects for other reasons. We need this personal data to fulfill contracts with our customers. We receive this personal data from our customers or from third parties engaged by our customers. Third parties whose information we process for this purpose are informed by our customers that we process their data. Our customers may refer to this privacy policy for this purpose.

The personal data of persons who have a relationship with our customers is in particular the following information:

• Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information, marketing data).
• Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances, etc.)
• Financial information (e.g. data on bank details, investments or shareholdings)
• Mandate data, depending on the mandate, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social insurance), accounting data
• Personal data requiring special protection: These personal data may also include personal data requiring special protection, such as data on health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.

We process this personal data for the described purposes based on the following legal bases:

• Conclusion or execution of a contract with or for the benefit of the data subject (e.g., when we perform our contractual obligations)
• Fulfillment of a legal obligation (e.g., when we perform our duties as an accounting office or are required to disclose information)
• Safeguarding legitimate interests, in particular our interest in providing optimal service to our customers.

4.3    Direct communication and visits

If you contact us (e.g. via telephone, e-mail or chat) or if we contact you, we process the personal data required for this purpose. We also process this personal data when you visit us. In this case, you may be required to leave your contact details prior to your visit or at reception. We keep these for a certain period of time to protect our infrastructure and information.

We use the “Zoom” or “Microsoft Teams” service to conduct conference calls, online meetings, video conferences and/or webinars (“Online Meetings”).

In particular, we process the following information:

• Contact information (e.g. surname, first name, address, telephone number, e-mail).
• Marginal data on communication (e.g., IP address, duration of communication, communication channel)
• Announced recordings of conversations, e.g., during video conferences
• Other information uploaded, provided or created by the user during the use of the video conferencing service, as well as metadata used for the maintenance of the service provided Additional information about the processing of personal data by “Zoom” or “Microsoft Teams” can be found in their privacy statements.
• Personal information (e.g., occupation, position, title, employer company).
• Time and reason for visit.

We process this personal data for the described purposes based on the following legal grounds:

• Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (provision of a service).
• Safeguarding legitimate interests (e.g. security, traceability and processing and administration of customer relationships).

4.4    Job Applications

You can submit your application for a position with us by mail or via the e-mail address provided on our website. The application dossier and all personal data disclosed to us with it will be treated in strict confidence, will not be disclosed to any third party and will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it. The legal basis for processing your data is your consent, the fulfillment of the contract with you and our legitimate interests.

In particular, we process the following information:

• Contact information (e.g. surname, first name, address, telephone number, e-mail).
• Personal information (e.g. profession, function, title, employer company)
• Application documents (e.g. letter of motivation, certificates, diplomas, curriculum vitae)
• Assessment information (e.g. assessment by personnel consultants, reference information, assessments)

We process this personal data for the purposes described based on the following legal grounds:

• Safeguarding legitimate interests (e.g. hiring new employees).

4.5    Suppliers, service providers, other contractual partners

When we enter into a contract with you to provide a service to you, we process personal data about you or your employees. We need this data to communicate with you and to use your services. We may also process this personal data in order to check whether there might be a conflict of interest in connection with our activities and to ensure that we do not enter into any unwanted risks, e.g. with regard to money laundering or sanctions, when working with you.

In particular, we process the following information:

• Contact information (e.g. surname, first name, address, telephone number, email).
• Personal information (e.g. profession, function, title, employer company).
• Financial information (e.g. data on bank details).

We process this personal data for the purposes described based on the following legal grounds:

• Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement.
• Safeguarding legitimate interests, (e.g. avoidance of conflicts of interest, protection of the company, enforcement of legal claims).

5. Use of our website

No personal data need to be disclosed in order to use our website. However, the server collects a number of user information with each call, which are temporarily stored in the log files of the server.

When using this general information, no assignment to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected in order to improve the website and analyse its use.

In particular, this involves the following information:

• Contact information (e.g. surname, first name, address, telephone number, e-mail).
• Other information that you transmit to us via the website
• Technical information automatically transmitted to us or our service providers, information on user behavior or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, click on links, etc.).

We process this personal data for the purposes described based on the following legal grounds:

• Safeguarding legitimate interests, (e.g. for administrative purposes, to improve our quality, analyze data or publicize our services).
• Consent (e.g. to the use of cookies or the newsletter).

5.1    Tracking Technologies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site.

By using cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made, so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period.

The data processed by cookies are necessary for the purposes mentioned. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created.

Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. However, the complete deactivation and deletion of cookies may mean that you cannot use all the functions of our website.

5.2    Web and Newsletter Analysis

To obtain information about the use of our website and our Internet offer, we use various web analysis tools.

These tools are provided by third-party providers. As a rule, the information collected for this purpose about the use of a website is transmitted to the third-party provider’s server using cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

The transmission of the data usually takes place with shortening of the IP addresses, which prevents the identification of individual end devices. A transmission of this information by third-party providers only takes place due to legal regulations or in the context of order data processing.

5.2.1              Google Analytics

We use Google Analytics, the web analytics service of Google LLC, Mountain View, California, USA, responsible for Europe is Google Limited Ireland (“Google”) on our websites. To deactivate Google Analytiscs, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific information related to the user on the user’s terminal device. These enable an analysis of the use of our website offer by Google. The information collected by the cookie about the use of our pages (including your IP address) is usually transmitted to a Google server in the USA and stored there. We point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymized collection of IP addresses (so-called IP masking). If anonymization is active, Google truncates IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity.

Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google may associate your IP address with other Google data. For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.

5.2.2              Google Tag Manager

On our site, we use the Google Tag Manager service from Google Ireland Ltd, Gordon House, Barrow Street, 4 Dublin, Ireland. This allows us to integrate Google Analytics and other Google marketing services. The tag manager itself does not process any personal data. You can read more at this link: https://www.google.com/intl/de/tagmanager/use-policy.html .

5.2.3              Google reCaptcha

We use reCaptcha on our website. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

With this tool, we check whether the data transfer (e.g. through the contact form) is made by a human or an automated program (“bot”). This analysis starts automatically at the beginning of the website visit. For the analysis, reCaptcha evaluates various information. This information (e.g. IP address or click-through rate) is forwarded to Google.

These analyses run in the background. The website visitors are not informed that an analysis is taking place.

We use reCaptcha to protect our offers and our website from SPAM.

For more info, please see the following link: https://www.google.com/recaptcha/intro/android.html .

5.2.4              Wordfence

Wordfence is a plugin of WordPress from the company Defiant, Inc, 1700 Westlake Ave N Ste 200, Seatte, WA 98109. We use this plugin to protect our website from unauthorized access and attacks. In order to detect attacks, Wordfence stores IP addresses of users. For this purpose it uses cookies (More info about this at: https://www.wordfence.com/help/general-data-protection-regulation/#cookies-set-by-the-wordfence-plugin). The collected data is sent to a server in the USA.

Wordfence has committed itself to comply with the current data protection laws in the European area. More about this at: https://www.wordfence.com/privacy-policy/ .

5.2.5              Linkedin

We operate a company profile on the social media channel LinkedIn from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. In particular for branding, customer communication or recruiting.

When you visit our company page on LinkedIn, your IP address and other information is collected in the form of cookies, among other things. Information about which data is processed by LinkedIn and for what purpose can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

We would like to point out that you use the LinkedIn site and its functions on your own responsibility. This applies in particular to the use of interactive functions such as commenting, sharing and rating.

The data you enter on LinkedIn is processed by us to the extent that we respond to or comment on your postings or messages. Beyond that, we do not process any data from your use of or visit to our LinkedIn profile.

6. Integration of external web services / plugins and tools

6.1    Google Fonts

We use Google Web Fonts, which are provided by Google, on our website for the uniform display of fonts. When you call up our website, the browser you use establishes a connection to Google’s servers and thereby transmits the IP address with which our website was called up. If your browser does not support WebFonts, then a standard font is used to display the website on your device.

We use Google Fonts to offer you a consistent and appealing presentation of our website. For more information, please visit: https://developers.google.com/fonts/faq.

6.2    Google Maps

On our website we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, “Google”). Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location is displayed to you and a possible journey is made easier. Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

6.3    WordPress

We use for our website the service WordPress of the company Automattic Inc, 60 29th Street #343 CA 94110 San Francisco, United States. WordPress is committed to complying with applicable data protection laws in Europe and Switzerland.

WordPress is a free content management system (CMS) for operating our website. We use WordPress to display the website and content to you.

In the privacy policy of the provider, you will find more information about the handling of data: https://automattic.com/privacy/ or e-mail: dpo@wordpress.org.

7. Contact possibility via the website

Our website offers the possibility of quick electronic contact via contact form. The personal data entered there is automatically stored for the. These are stored for the purpose of processing or contacting the person concerned. This personal data is not passed on to third parties.

8. Data sharing and data transmission

We will only disclose your data to third parties if this is necessary to provide our service, if these third parties provide a service for us, if we are required to do so by law or by the authorities, or if we have an overriding interest in disclosing the personal data. We will also disclose personal data to third parties if you have given us your consent to do so or have requested us to do so.

Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the customer, accounting data, salary administration data, salary slips and salary statements are transmitted unencrypted.

The following categories of recipients may receive personal data from us:

• Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
• Third parties within the scope of our legal or contractual obligations, authorities, state institutions, courts.

We conclude contracts with service providers who process personal data on our behalf, obliging them to ensure data protection. The majority of our service providers are located in Switzerland or in the EU / EEA. Certain personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If data transfer to other countries that do not have an adequate level of data protection is necessary, this will be done on the basis of the EU standard contractual clauses (e.g. in the case of Google) or other appropriate instruments).

9. Duration of storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and as far as possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less apply in principle.

10. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

11. Obligation to provide personal data

In the context of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.

12. Your rights

You have the following rights in connection with our processing of personal data:

• Right to information about personal data stored about you by us, the purpose of processing, the origin and about recipients or categories of recipients to whom personal data is disclosed.
• Right to rectification if your data is incorrect or incomplete.
• Right to restrict the processing of your personal data
• Right to request the deletion of the processed personal data
• Right to data portability
• Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.
• Right to complain to a competent supervisory authority, if provided for by law.

To exercise these rights, contact us at the address indicated in section 1.

Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If costs are incurred by you, we will inform you in advance.

13. Amendment of the data protection declaration

We expressly reserve the right to change this privacy policy at any time.

Last change: August 2023