Privacy policy

In this Privacy Policy we, KD ZUG Treuhand AG (hereinafter KD ZUG, we or us), describe how we collect and process personal data. This Privacy Policy is not a final description; other data protection declarations may regulate specific matters. For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable person.

1. Responsibility and contact

KD ZUG Treuhand AG is responsible for the data processing described here, unless otherwise stated in individual cases. Inquiries about data protection can be sent to us by letter or e-mail, enclosing a copy of the ID or passport identifying the user:

KD ZUG Treuhand AG
Mr. Michael Amrein
Untermüli 7
6302 Zug
Switzerland
Tel: +41 (0)41 766 26 00
michael.amrein@kdzug.ch

2. Collection and processing of personal data

We process personal data in the following categories of processing in particular:

• • Client data of clients for whom we provide or have provided services
  • Personal data that we have received indirectly from our clients during the provision of services
  • When visiting our website
  • When participating in one of our events
  • When we communicate or a visit takes place
  • For applications
  • In the case of other contractual relationships, e.g. as a supplier, service provider or consultant
  • If we are obliged to do so for legal or regulatory reasons
  • When we exercise our due diligence or other legitimate interests, e.g. to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights

More detailed information can be found in the description of the respective categories of processing in section 4.

3. Categories of personal data

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people who have a relationship with you. Under certain circumstances, this information may also be particularly sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process it:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail)
  • Client information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, Social Security number)
  • Risk assessment data (e.g. credit rating information, commercial register data)
  • Financial information (e.g. data on bank details)
  • Client data, depending on the mandate (e.g. tax information, articles of association, minutes, projects, contracts, employee data (e.g. salary, social insurance), accounting data, beneficial owners, ownership structure)
  • Website data (e.g. IP address, device information (UDI), browser information, website usage (analysis and use of plugins, etc.)
  • Application data (e.g. curriculum vitae, references)
  • Marketing information (e.g. newsletter registration)
  • Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists)

Insofar as this is permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data that you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and court proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people from your environment (family, advisors, legal representatives, etc.) provide to us so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney) information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made), information from the media and the internet about your person (insofar as this is appropriate in the specific case, e.g. in the context of a job application, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location data).

4. Purposes of data processing and legal basis
4.1. Providing services

We primarily process the personal data that we receive from our clients and other business partners in the context of our client relationships and other contractual relationships with them and other persons involved.

The personal data of our clients includes the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information)
  • Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport
  • / ID number, Social Security number, family circumstances, etc.).
  • Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialized databases, data from the Internet)
  • Financial information (e.g. data on bank details, investments or shareholdings)
  • Client data, depending on the mandate, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social insurance), accounting data, etc.
  • Particularly sensitive personal data: This personal data may also include particularly sensitive personal data, such as data on health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.
  • We process this personal data for the purposes described on the basis of the following legal bases:
  • Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and any enforcement (e.g. advice, fiduciary services)
  • Fulfillment of a legal obligation (e.g. if we perform our duties as auditors or are obliged to disclose information)
  • Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, ensure security, manage risk, enforce our rights, defend ourselves against claims or to check for possible conflicts of interest)
  • Consent (e.g. to send you marketing information).

4.2. Indirect data processing from service providing services

When we provide services for our clients, we may also process personal data that we have not collected directly from the data subjects or personal data of third parties. These third parties are usually employees, contact persons, family members or persons who have a relationship with the clients or the data subjects for other reasons. We require this personal data in order to fulfill contracts with our clients. We receive this personal data from our clients or from third parties commissioned by our clients. Third parties whose information we process for this purpose are informed by our clients that we are processing their data. Our clients can refer to this Privacy Policy for this purpose.

The personal data of persons who have a relationship with our clients includes the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information, marketing data)
  • Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport
  • / ID number, Social Security number, family circumstances, etc.).
  • Financial information (e.g. data on bank details, investments or shareholdings)
  • Client data, depending on the mandate, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social insurance), accounting data
  • Particularly sensitive personal data: This personal data may also include particularly sensitive personal data, such as data on health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.
  • We process this personal data for the purposes described on the basis of the following legal bases:
  • Conclusion or performance of a contract with or for the benefit of the data subject (e.g. when we fulfill our contractual obligations)
  • Fulfillment of a legal obligation (e.g. if we perform our duties as auditors or are obliged to disclose information)
  • Safeguarding legitimate interests, in particular our interest in providing an optimal service to our clients.

4.3. Use of our website

No personal data needs to be disclosed in order to use our website. However, the server collects a range of user information with each visit, which is temporarily stored in the server’s log files.

When using this general information, no assignment to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected in order to improve the website and analyze its use.

This includes the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail)
  • Further information that you send us via the website
  • Technical information automatically transmitted to us or our service providers, information on user behavior or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening the newsletter, clicking on links, etc.).

We process this personal data for the purposes described on the basis of the following legal bases:

• • Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, analyze data or publicize our services)
  • Consent (e.g. to the use of cookies or the newsletter).

4.4. Participation in events

If you participate in an event organized by us, we collect personal data in order to organize and carry out the event and, if necessary, to send you additional information afterwards. We also use your information to inform you about other events. You may be photographed or filmed by us at these events and we may publish this image material internally or externally.

This involves the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail)
  • Personal information (e.g. profession, function, title, employer company, eating habits)
  • Pictures or videos

We process this personal data for the purposes described on the basis of the following legal bases:

• • Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (enabling participation in the event)
  • Safeguarding legitimate interests (e.g. holding events, disseminating information about our event, providing services, efficient organization)
  • Consent (e.g. to send you marketing information or to create image material).

4.5. Direct communication and visits

When you contact us (e.g. by telephone, e-mail or chat) or we contact you, we process the personal data required for this. We also process this personal data when you visit us. In this case, you may have to leave your contact details before your visit or at reception. We store this data for a certain period of time in order to protect our infrastructure and our information.

We use the “Microsoft Teams” service to conduct telephone conferences, online meetings, video conferences and/or webinars (“online meetings”).

We process the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail)
  • Key data for communication (e.g. IP address, duration of communication, communication channel)
  • Recordings of conversations, e.g. during video conferences
  • Other information that the user uploads, provides or creates while using the video conferencing service and metadata used for the maintenance of the service provided. Additional information on the processing of personal data by “Microsoft Teams” can be found in their Privacy Policy.
  • Personal information (e.g. profession, function, title, employer company)
  • Time and reason for the visit.

We process this personal data for the purposes described on the basis of the following legal bases:

• • Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (provision of a service)
  • Safeguarding legitimate interests (e.g. security, traceability, processing and administration of client relationships).

4.6. Applications

You can submit your application for a position with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us will be treated as strictly confidential, will not be disclosed to third parties and will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application dossier will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal safekeeping obligation. The legal basis for the processing of your data is your consent, the fulfillment of the contract with you and our legitimate interests.

We process the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail)
  • Personal information (e.g. profession, function, title, employer company)
  • Application documents (e.g. letter of motivation, certificates, diplomas, curriculum vitae)
  • Assessment information (e.g. assessment of personnel consultants, reference information, assessments)
  • We process this personal data for the purposes described on the basis of the following legal bases:
  • Safeguarding legitimate interests (e.g. hiring new employees)
  • Consent

4.7. Suppliers, service providers, other contractual partners

When we enter into a contract with you to provide a service for us, we process personal data about you or your employees. We need this data in order to communicate with you and make use of your services. We may also process this personal data to check whether there could be a conflict of interest in connection with our activities as auditors and to ensure that we do not enter into any unwanted risks, e.g. with regard to money laundering or sanctions.

We process the following information in particular:

• • Contact information (e.g. surname, first name, address, telephone number, e-mail).
  • Personal information (e.g. profession, function, title, employer company).
  • Financial information (e.g. data on bank details).

We process this personal data for the purposes described on the basis of the following legal bases:

• • Conclusion or execution of a contract with the data subject or in favor of the data subject, including contract initiation and possible enforcement
  • Protection of legitimate interests (e.g. avoidance of conflicts of interest, protection of the company, enforcement of legal claims).

5. Tracking technologies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. The use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

Other third-party cookies may also be loaded that collect information about your online activities using cookies, web beacons/pixel tags and other similar technologies, either through our services or across the internet. These companies may also display ads and track user behavior in other ways.

The data processed by cookies is required for the purposes mentioned. In principle, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate or delete the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how you can change these settings. Please note that individual functions of our

website may not work if you have deactivated the use of cookies. Users can deactivate the receipt of cookies by clicking here: www.youronlinechoices.com

6. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

7. Links

This website may contain hyperlinks to other websites that are not operated or monitored by us. These third- party websites are not subject to this Privacy Policy and we are not responsible for their content or their policies regarding the handling of personal data. We recommend that you read the policy of the respective websites and check how they protect your personal data and whether they are trustworthy.

8. Web analysis

We use the following web analysis tools and re-targeting technologies to obtain information about the use of our website, to improve our Internet offering and to be able to address you with advertising on third-party websites or on social media: Google Analytics.

These tools are provided by third-party providers. As a rule, the information collected for this purpose about the use of a website is transmitted to the server of the third-party provider through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

The data is usually transmitted by shortening the IP addresses, which prevents the identification of individual end devices. This information is only transmitted by third-party providers on the basis of legal regulations or as part of order data processing.

8.1. Google Analytics

We use Google Analytics on our websites, the web analysis service of Google LLC, Mountain View, California, USA, responsible for Europe is Google Limited Ireland (“Google”). To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific user-related information on the user’s device. These enable Google to analyze the use of our website. The information collected by the cookie about the use of our pages (including your IP address) is usually transferred to a Google server in the USA and stored there. We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to ensure an anonymized collection of IP addresses (so-called IP masking). If anonymization is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google may associate your IP address with other Google data. For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

8.2. Google Maps

On our website we use Google Maps (API) from Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, “Google”). Google Maps is a web service for displaying interactive (land) maps in order to visualize geographical information. By using this service, our location is shown to you and any directions are made easier. Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access the subpages in which the Google Maps map is integrated. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them.

For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

8.3. Adobe Typekit

We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd. that gives us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe then receives the information that our website has been accessed from your IP address. Further information about Adobe Typekit can be found in Adobe’s Privacy Policy, which you can access here: www.adobe.com/privacy/typekit.html

9. Data transfer and data transmission

We only pass on your data to third parties if this is necessary for providing our services, if these third parties provide a service for us, if we are legally or officially obliged to do so or if we have an overriding interest in passing on the personal data. We will also pass on personal data to third parties if you have given your consent or requested us to do so.

Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the client, accounting data, payroll administration data, payslips and salary statements are transmitted unencrypted.

The following categories of recipients may receive personal data from us:

• • Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
  • Third parties within the scope of our legal or contractual obligations, authorities, state institutions, courts.

We conclude contracts with service providers who process personal data on our behalf, obliging them to guarantee data protection. The majority of our service providers are located in Switzerland or in the EU/EEA. Certain personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If it is necessary to transfer data to other countries that do not have an adequate level of data protection, this is done on the basis of the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments.

10. Duration of storage of personal data

We process and store your personal data for as long as is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as beyond that in accordance with the legal safekeeping and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company (i.e. in particular during the legal limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible. Shorter safekeeping periods of twelve months or less generally apply to operational data (e.g. system protocols, logs).

11. Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

These security precautions are set out in our internal guideline for data processing.

12. Obligation to provide personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will not be able to enter into or perform a contract with you (or the entity or person you represent). The website can also not be used if certain information to secure data traffic (such as IP address) is not disclosed.

13. Your rights

You have the following rights in connection with our processing of personal data:

• • Right to information about your personal data stored by us, the purpose of processing, the origin and recipients or categories of recipients to whom personal data is disclosed
  • Right to rectification if your data is incorrect or incomplete
  • Right to restrict the processing of your personal data
  • Right to request the deletion of processed personal data
  • Right to data transferability
  • Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons
  • Right to lodge a complaint with a competent supervisory authority, if provided for by law.

To assert these rights, please contact the address given in section 1.

Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.

14. Changes to the Privacy Policy

We expressly reserve the right to amend this Privacy Policy at any time. Last change: September 5, 2023