Personal data refers to all information relating to an identified or identifiable natural person. Processing means any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, use, revision, disclosure, archiving, deletion or destruction of data.
When processing personal data, OA is guided by the provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Data Protection Act (DPA) and any other data protection provisions, insofar as they are applicable to the data processing referred to in this Policy. 2. Controller and contact
The person responsible for the data processing described here is Orthos Advisory AG, Scheideggstrasse 85, 8038 Zürich, +41 79 299 3153, firstname.lastname@example.org. The data subject may contact the controller using these contact details for any data protection concerns. 3. Origin and processing of personal data
In addition to the data that is provided to OA by the data subject, OA also processes data that it receives from authorities or other third parties (e.g. custodian banks), publicly accessible data or data that it becomes aware of as a result of the use of a service. The categories of personal data that OA obtains from third parties include, in particular, information from public registers, information in connection with administrative or judicial proceedings, information in connection with professional activities or functions of the data subject, information about the data subject from correspondence and meetings with her/him and/or with third parties, information about the data subject disclosed to OA by persons in the data subject's environment (e.g. family, accountant, attorney), information for compliance with legal requirements such as anti-money laundering and terrorist financing regulation or export restrictions, information from banks, insurance companies and other contracting partners of OA for the use or provision of services for the data subject and third parties, information in the media and internet and data in connection with the use of OA's website. 4. Purposes of data processing
OA always processes personal data for a specific purpose. Primarily, this is the conclusion and fulfillment of contracts, in particular in the context of providing services to clients and purchasing products and services from suppliers, as well as in order to comply with OA's legal obligations. In addition, OA also processes personal data for the following purposes, which are in OAs legitimate interest:
- Offering and further developing products, services and the website;
- Communication with clients, business partners and third parties;
- Client care and marketing (unless the use of data from data subject for the specific purpose has been explicitly objected to);
- Assertion of legal claims and defense in the context of legal disputes and official proceedings;
- Ensuring the OA's business operation, in particular of the IT and the website;
- Compliance with applicable legal and professional regulations and contractual agreements;
- Corporate transactions (merger, acquisition and sale of companies or transfer of assets).
If the data subject gives consent for the processing of his/her personal data for specific purposes (e.g. receiving newsletters), OA will process the personal data only within the scope of and based on this consent. The given consent can be revoked at any time. 5. Data transfer to third parties and data transfer abroad
- Clients and their affiliates;
- Suppliers, their subcontractors and other external service providers (e.g. banks, insurance companies, accounting) and order processors (e.g. IT providers);
- Domestic and foreign authorities, official agencies and courts, conciliation boards and arbitration tribunals;
- Parties or interested parties to corporate transactions;
- Other parties to potential or actual legal proceedings.
The aforementioned recipients of personal data may be located in Switzerland, but also abroad. The data subject must accordingly expect his/her personal data to be processed in Switzerland but also transmitted to any other country in the world where service providers of OA are located. If a recipient is located in a country without adequate data protection, OA will contractually bind the recipient (e.g. by means of recognized standard contractual clauses) or will rely on an exemption provision, such as consent, the execution of the contract or an overriding public interest. 6. Data security
OA takes appropriate technical and organizational security measures, to protect personal data of the data subject from unauthorized access and misuse. 7. Cookies and tracking
While establishing and carrying out business relationships, OA generally do not use any fully automated individual decision-making. Should OA decide to use such procedures in certain cases, the data subject will be informed separately and advised of his/her relevant rights if required by law. 9. Rights of the data subject
- Right to information on existing personal data;
- Right to rectification of personal data;
- Right to delete personal data;
- Right to restrict the processing of personal data;
- Right to raise an objection to the processing of personal data;
- Right to revoke consent given in the future;
- Right to receive personal data for the purpose of transfer.
The data subject also has the right to enforce his/her claims in court or to file a complaint with the competent data protection authority (in Switzerland: the Federal Data Protection and Information Commissioner). OA draws attention to the fact that OA reserves the right to enforce the restrictions provided for by law, such as legal obligations to retain or process data or the existence of an overriding interest in data processing. The assertion of rights due to the data subject may result in OA no longer being able to provide agreed services and may result in termination of the contract. 10. Changes