Personal data refers to all information relating to an identified or identifiable natural person. Processing means any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, use, revision, disclosure, archiving, deletion or destruction of data.
When processing personal data, OA is guided by the provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Data Protection Act (DPA) and any other data protection provisions, insofar as they are applicable to the data processing referred to in this Policy. 2. Controller and contact
The person responsible for the data processing described here is Orthos Advisory AG, Scheideggstrasse 85, 8038 Zürich, +41 79 299 3153, email@example.com. The data subject may contact the controller using these contact details for any data protection concerns. 3. Origin and processing of personal data
In addition to the data that is provided to OA by the data subject, OA also processes data that it receives from authorities or other third parties (e.g. custodian banks), publicly accessible data or data that it becomes aware of as a result of the use of a service. The categories of personal data that OA obtains from third parties include, in particular, information from public registers, information in connection with administrative or judicial proceedings, information in connection with professional activities or functions of the data subject, information about the data subject from correspondence and meetings with her/him and/or with third parties, information about the data subject disclosed to OA by persons in the data subject's environment (e.g. family, accountant, attorney), information for compliance with legal requirements such as anti-money laundering and terrorist financing regulation or export restrictions, information from banks, insurance companies and other contracting partners of OA for the use or provision of services for the data subject and third parties, information in the media and internet and data in connection with the use of OA's website. 4. Purposes of data processing
OA always processes personal data for a specific purpose. Primarily, this is the conclusion and fulfillment of contracts, in particular in the context of providing services to clients and purchasing products and services from suppliers, as well as in order to comply with OA's legal obligations. In addition, OA also processes personal data for the following purposes, which are in OAs legitimate interest:
- Offering and further developing products, services and the website;
- Communication with clients, business partners and third parties;
- Client care and marketing (unless the use of data from data subject for the specific purpose has been explicitly objected to);
- Assertion of legal claims and defense in the context of legal disputes and official proceedings;
- Ensuring the OA's business operation, in particular of the IT and the website;
- Compliance with applicable legal and professional regulations and contractual agreements;
- Corporate transactions (merger, acquisition and sale of companies or transfer of assets).
If the data subject gives consent for the processing of his/her personal data for specific purposes (e.g. receiving newsletters), OA will process the personal data only within the scope of and based on this consent. The given consent can be revoked at any time. 5. Data transfer to third parties and data transfer abroad
- Clients and their affiliates;
- Suppliers, their subcontractors and other external service providers (e.g. banks, insurance companies, accounting) and order processors (e.g. IT providers);
- Domestic and foreign authorities, official agencies and courts, conciliation boards and arbitration tribunals;
- Parties or interested parties to corporate transactions;
- Other parties to potential or actual legal proceedings.
The aforementioned recipients of personal data may be located in Switzerland, but also abroad. The data subject must accordingly expect his/her personal data to be processed in Switzerland but also transmitted to any other country in the world where service providers of OA are located. If a recipient is located in a country without adequate data protection, OA will contractually bind the recipient (e.g. by means of recognized standard contractual clauses) or will rely on an exemption provision, such as consent, the execution of the contract or an overriding public interest. 6. Data security
OA takes appropriate technical and organizational security measures, to protect personal data of the data subject from unauthorized access and misuse. 7. Cookies and tracking
OA uses various techniques on the website that make it possible to recognize data subjects while they are using the website and possibly to track them over several visits.
OA generally uses "cookies" and similar techniques on the website that allow identification of the data subject's browser or device. A cookie is a small text file that is sent to the computer and automatically stored by the web browser on the computer or mobile device when the website is visited. When the data subject visits the website again, the data subject can be recognized, even if the identity of the data subject is not known. In addition to cookies that are only used during a session and deleted after a visit to the website ("session cookies"), cookies may also be used to store user configurations and other information for a certain period of time (e.g. two years) ("permanent cookies"). OA uses permanent cookies to understand how the data subject uses the services and content and to be able to show tailored offers and advertising (which may also happen on other companies' websites; should the data subject's identity be known to the Company, these companies will not learn your identity from OA; they will only know that the same user visiting their website has previously visited a particular website).
OA uses Google Analytics or similar services on the website. These are third-party services that may be based in any country in the world (in the case of Google Analytics, Google Ireland Ltd (based in Ireland), Google Ireland relies on Google LLC (based in the United States) as a sub-processor (both "Google"), www.google.com
Whenever the data subject accesses a server (e.g. when calling up a website or because an e-mail contains a visible or invisible image), the visits can therefore be "tracked". By using OA's website and agreeing to receive newsletters and other marketing emails, the data subject consents to OA using such techniques. If the data subject does not agree to this, the browser or the e-mail program must be configured accordingly.
The data subject may also set his/her browser to block or override certain types of cookies or alternative technologies, or to delete existing cookies. The data subject can also add software to the browser that blocks third-party tracking. 8. Obligation to Provide Personal Data To Us
In the context of a business relationship with OA, the data subject must provide OA with all personal data required for the conclusion and performance of a business relationship and the fulfilment of contractual obligations. Without this information, OA will generally not be able to conclude or perform a contract. Furthermore, the website can only be used if certain information to enable data traffic (e.g. the IP address) is disclosed. 9. Retention Periods for your Personal Data
OA processes and stores personal data for as long as it is necessary for the fulfilment of the contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship as well as beyond that in accordance with the statutory retention and documentation obligations. Personal data may be retained for the period during which claims may be asserted against OA, if otherwise required by law or if legitimate business interests require further retention (e.g. for evidence and documentation purposes). As soon as personal data is no longer required for the aforementioned purposes, it will be deleted or, as far as possible, anonymized. 10. Rights of the data subject
- Right to information on existing personal data;
- Right to rectification of personal data;
- Right to delete personal data;
- Right to restrict the processing of personal data;
- Right to raise an objection to the processing of personal data;
- Right to revoke consent given in the future;
- Right to receive personal data for the purpose of transfer.
The data subject also has the right to enforce his/her claims in court or to file a complaint with the competent data protection authority (in Switzerland: the Federal Data Protection and Information Commissioner). OA draws attention to the fact that OA reserves the right to enforce the restrictions provided for by law, such as legal obligations to retain or process data or the existence of an overriding interest in data processing. The assertion of rights due to the data subject may result in OA no longer being able to provide agreed services and may result in termination of the contract. 11. Changes