In this privacy policy, we, reoplan Treuhand AG / reoplan Thun AG / reoplan Zürich AG / reoplan Immobilien AG (hereinafter referred to as reoplan, we, or us), describe how we collect and process personal data. This privacy policy does not constitute a comprehensive description; other privacy-related statements may regulate specific situations. For the purposes of this privacy policy, personal data refers to all information related to an identified or identifiable person.

 

1. Controller and Contact

The respective reoplan company mentioned above is responsible for processing the data described here. Requests regarding privacy can be directed to us by sending a letter or an email accompanied by a copy of the ID or passport for user identification: reoplan Treuhand AG, Data Protection Department, Wabernstrasse 40, 3007 Bern / datenschutz@reoplan.ch


2. Collection and Processing of Personal Data

We process personal data, particularly in the following categories of operations.

• Customer data of customers for whom we provide or have provided services.

• Personal data indirectly obtained from our customers in the course of service provision.

• When visiting our website (Cookies)

• When using our newsletters

• When participating in our events.

• During communication or visits.

• In other contractual relationships, e.g., as a supplier, service provider, or consultant.

• In job applications

• When required by law or regulations.

• When fulfilling due diligence or other legitimate interests, e.g., avoiding conflicts of interest, preventing money laundering or other risks, ensuring data accuracy, verifying creditworthiness, ensuring security, or enforcing our rights. More detailed information can be found in the description of the respective categories of processing in Section 5.

 

3. Categories of Personal Data

The categories of personal data we process depend on your relationship with us and the purpose of processing. In addition to your contact details, we also process additional information about you or individuals associated with you. In certain cases, these pieces of information may include sensitive personal data.

 

We collect the following categories of personal data, depending on the purpose of processing:

• Contact information (e.g., name, first name, address, phone number, email)

• Personal information (e.g., date of birth, nationality, marital status, hometown, profession, title, job position, passport / ID, social security number)

• Risk assessment data (e.g., credit information, commercial register data, debt enforcement or criminal record information)

• Financial information (e.g., banking details, investments, or interests)

• Mandate data, depending on the assignment (e.g., tax information, statutes, protocols, projects, contracts, employee data (e.g., salary, social security), accounting data, beneficial owners, ownership relationships)

• Website data (e.g., IP address, device information (UDI), browser information, website usage (analytics, plugin usage, etc.))

• Application data (e.g., CV, certificates, identification documents, debt enforcement extracts, criminal record extracts)

• Marketing information (e.g., newsletter registration, data from quotation calculators)

• Security and network data (e.g., network and email scanners, phone call lists)

• Rental applicant applications (e.g., first name, last name, address, date of birth, hometown, nationality, residence permits, information about guardianship or social support, bank details, ID copies, information about employers and income, sometimes bank statements for individuals without income (retirees))

• Tenant data (e.g., first name, last name, address, date of birth, hometown, nationality, residence permits, information about guardianship or social support, bank details, ID copies, information about employers and income, sometimes bank statements for individuals without income (retirees))

 

Where permitted, we also gather data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, press, internet) or receive such data from our clients and their employees, authorities, (arbitration) courts, and other third parties. In addition to the data you provide directly, the categories of personal data received from third parties may include information from public registers, information related to administrative and judicial proceedings, information related to your professional functions and activities (to enable us to conduct business with your employer), correspondence and meetings with third parties, credit reports, information given by individuals in your environment (family, advisors, legal representatives, etc.) to conclude or process contracts involving you (e.g., references, delivery addresses, powers of attorney), information to comply with legal requirements such as anti-money laundering and export restrictions, information from banks, insurers, distributors, and other contracting parties of ours to provide or use services by you (e.g., payments made, purchases made), information from media and the internet about you (where applicable, e.g., in the context of a job application, etc.), your addresses and possibly interests and other socio-demographic data (for marketing), data related to website usage (e.g., IP address, smartphone or computer MAC address, device and setting information, cookies, visit date and time, accessed pages and content, used features, referring website, location information).

 


4. Purposes of Data Processing and Legal Basis

4.1. Provision of Services

Primarily, we process personal data obtained within the scope of our mandate relationships with our customers and other contractual relationships with business partners and individuals involved therein.

The personal data of our customers primarily include the following information:

• Contact information (e.g., name, first name, address, phone number, email)

• Personal information (e.g., date of birth, nationality, marital status, hometown, profession, title, job position, passport / ID, social security number)

• Risk assessment data (e.g., credit information, commercial register data, debt enforcement or criminal record information)

• Financial information (e.g., banking details, investments, or interests)

• Mandate data, depending on the assignment (e.g., tax information, statutes, protocols, projects, contracts, employee data (e.g., salary, social security), accounting data, beneficial owners, ownership relationships)

• Rental applicant applications (e.g., first name, last name, address, date of birth, hometown, nationality, residence permits, information about guardianship or social support, bank details, ID copies, information about employers and income, sometimes bank statements for individuals without income (retirees))

• Tenant data (e.g., first name, last name, address, date of birth, hometown, nationality, residence permits, information about guardianship or social support, bank details, ID copies, information about employers and income, sometimes bank statements for individuals without income (retirees))

• Sensitive personal data: Among this personal data, there may also be sensitive personal data, such as health data, religious views, or social assistance measures, especially when providing services in the field of payroll processing or accounting.

 

We process these personal data for the described purposes based on the following legal bases:

• Conclusion or performance of a contract with the data subject or for the data subject's benefit, including contract initiation and potential enforcement (e.g., consulting, trustee services)

• Fulfillment of a legal obligation (e.g., when performing our duties as an auditing firm or obligated to disclose information)

• Legitimate interests pursued by us (e.g., for administrative purposes, improving our quality, ensuring security, risk management, enforcing our rights, defending against claims, or examining potential conflicts of interest)

• Consent (e.g., to send them marketing information).

 

4.2. Indirect Data Processing from Service Provision

When providing services for our customers, we might process personal data that we did not directly collect from the data subjects or personal data of third parties. These third parties typically include employees, contact persons, family members, or individuals otherwise associated with customers or data subjects. We require this personal data to fulfill contracts with our customers. We obtain this personal data from our customers or from third parties authorized by our customers. Third parties whose information we process for this purpose are informed by our customers that we are processing their data. Our customers can refer these third parties to this privacy policy.
 

The personal data of individuals associated with our customers mainly include the following information:

• Contact information (e.g., name, first name, address, phone number, email)

• Personal information (e.g., date of birth, nationality, marital status, hometown, profession, title, job position, passport / ID, social security number)

• Risk assessment data (e.g., credit information, commercial register data, debt enforcement or criminal record information)

• Financial information (e.g., banking details, investments, or interests)

• Mandate data, depending on the assignment (e.g., tax information, statutes, protocols, projects, contracts, employee data (e.g., salary, social security), accounting data, beneficial owners, ownership relationships)

• Rental applicant applications (e.g., first name, last name, address, date of birth, hometown, nationality, residence permits, information about guardianship or social support, bank details, ID copies, information about employers and income, sometimes bank statements for individuals without income (retirees))

• Tenant data (e.g., first name, last name, address, date of birth, hometown, nationality, residence permits, information about guardianship or social support, bank details, ID copies, information about employers and income, sometimes bank statements for individuals without income (retirees))

• Sensitive personal data: Among this personal data, there may also be sensitive personal data, such as health data, religious views, or social assistance measures, especially when providing services in the field of payroll processing or accounting.

 

We process these personal data for the described purposes based on the following legal bases:

• Conclusion or performance of a contract with the data subject or for the data subject's benefit (e.g., fulfilling our contractual obligations)

• Fulfillment of a legal obligation (e.g., when performing our duties as an auditing firm or obligated to disclose information)

• Legitimate interests pursued by us, particularly our interest in providing optimal services to our customers.

 

4.3. Use of Our Website

To use our website, no personal data need to be disclosed. However, the server captures a set of user information with each visit, which is temporarily stored in the server's log files.

These general pieces of information are not attributed to any specific person. Collecting this information or data is technically necessary to display our website and ensure its stability and security. Furthermore, this information is collected to enhance the website and analyze its usage.
 

This information primarily includes:

• Contact information (e.g., name, first name, address, phone number, email)

• Additional information you transmit to us via the website (e.g., information for quotation calculators, damage reports)

• Automatically transmitted technical information, user behavior information, or website settings to us or our service providers (e.g., IP address, UDI, device type, browser, number of page clicks, opening of newsletters, clicks on links, etc.)
 

We process these personal data for the described purposes based on the following legal bases:

• Legitimate interests pursued by us (e.g., for administrative purposes, improving our quality, analyzing data, or promoting our services)

• Consent (e.g., for the use of cookies or newsletters, generating quotations).

 

4.4. Operation and Hosting of this Website (Cmsbox)

This website utilizes the content management system Cmsbox. The technical operation and hosting of this system are managed by Cmsbox GmbH, Terrassenweg 18, 3012 Bern, Switzerland. In order to provide, assess, and enhance its services, Cmsbox GmbH collects personal data as described in section 4.3, as well as the following:
 

Matomo

Cmsbox employs the tracking system Matomo (formerly Piwik) for visitor analytics. This data collection assists Cmsbox GmbH in the operation and improvement of its technical infrastructure. However, it can also be deactivated upon explicit request. Data collection is pseudonymized, preventing any inference to a specific visitor. The underlying records are also deleted after 180 days.
 

Web Fonts

This website uses fonts.com, a font service provided by Monotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (fonts.com). Whenever this website is accessed to display text in a specific font, files are loaded from a fonts.com server. In this process, your IP address may be transmitted to a fonts.com server and stored as part of standard web logs. The handling of this information is the responsibility of fonts.com. For relevant terms and customization options, please refer to fonts.com's privacy policy: monotype.com/privacy-policy.

 

4.5. Use of Newsletter

If you subscribe to our newsletter, we will use your email address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. The mandatory information for sending the newsletter includes your full name and email address, which we store after your registration. The legal basis for processing your data in connection with our newsletter is your consent to receive the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter.

 

4.6. Participation in Events

When you participate in an event organized by us, we collect personal data to organize and conduct the event and, if applicable, to send you additional information afterward. We also use your information to inform you about other events. It is possible that you may be photographed or filmed by us during these events, and we may internally or externally publish this visual material.

 

This includes, in particular, the following information:

• Contact information (e.g., name, first name, address, phone number, email)

• Personal information (e.g., profession, position, title, employer company, dietary preferences)

• Images or videos

• Payment information (e.g., banking details)
 

We process these personal data for the described purposes based on the following legal bases:

• Fulfillment of a contractual obligation with the data subject or for the data subject's benefit, including contract initiation and potential enforcement (facilitating participation in the event)

• Legitimate interests pursued by us (e.g., conducting events, disseminating information about our events, providing services, efficient organization)

• Consent (e.g., to send you marketing information or create visual materials).

 

4.7. Direct Communication and Visits

When you contact us (e.g., via phone, email, chat, or postal mail) or we contact you, we process the necessary personal data for that purpose. We also process this personal data when you visit us.

For conducting telephone conferences, online meetings, video conferences, and/or webinars ("online meetings"), we use services such as "Zoom" or "Microsoft Teams."
 

We process the following information in particular:

• Contact information (e.g., name, first name, address, phone number, email)

• Communication metadata (e.g., IP address, communication duration, communication channel)

• Other information that the user uploads, provides, or creates during the use of the video conferencing service, as well as metadata used for maintaining the provided service. Additional information about the processing of personal data by "Zoom" or Microsoft Teams can be found in their privacy policies.

• Personal information (e.g., profession, position, title, employer company)

• Time and reason for the visit.
 

We process these personal data for the described purposes based on the following legal bases:

• Fulfillment of a contractual obligation with the data subject or for the data subject's benefit, including contract initiation and potential enforcement (providing a service)

• Legitimate interests pursued by us (e.g., security, traceability, as well as processing and administering customer relationships).

 

4.8. Applications

You can submit your application for a position with us by mail or through the email address provided on our website. The application documents and all personal data provided to us will be treated as strictly confidential, not disclosed to third parties, and processed solely for the purpose of processing your application for employment with us. Without your contrary consent, your application dossier will either be returned to you or deleted/destroyed after the application process concludes, unless it is subject to a legal retention requirement. The legal bases for processing your data are your consent, the performance of the contract with you, and our legitimate interests.

 

We process the following information in particular:

• Contact information (e.g., name, first name, address, phone number, email)

• Personal information (e.g., profession, position, title, employer company)

• Application documents (e.g., cover letter, certificates, diplomas, resume, debt enforcement register extract, criminal record extract)

• Evaluation information (e.g., recruiter assessment, reference inquiries, assessments)
 

We process these personal data for the described purposes based on the following legal bases:

• Legitimate interests pursued by us (e.g., hiring new employees)

• Consent.

 

4.9. Suppliers, Service Providers, Other Contractual Partners

When we enter into a contract with you for you to provide a service to us, we process personal data of you or your employees. We require this data to communicate with you and avail ourselves of your services. We may also process this personal data to assess whether a conflict of interest may arise in connection with our activity as an auditing firm and to ensure that we do not unwittingly incur unwanted risks, such as money laundering or sanctions.

 

We process the following information in particular:

• Contact information (e.g., name, first name, address, phone number, email)

• Personal information (e.g., profession, position, title, employer company)

• Financial information (e.g., banking details)
 

We process these personal data for the described purposes based on the following legal bases:

• Conclusion or performance of a contract with the data subject or for the data subject's benefit, including contract initiation and potential enforcement

• Legitimate interests pursued by us (e.g., avoiding conflicts of interest, protecting the company, enforcing legal claims).

 

5. Tracking Technologies

We use cookies on our website. These are small files that your browser automatically creates and stores on your end device (e.g., laptop, tablet, smartphone) when you visit our site.

Information is stored in the cookie that is specifically related to the respective end device used. However, this does not mean that we immediately gain knowledge of your identity through this. The use of cookies serves, on the one hand, to make your use of our offerings more pleasant. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

Furthermore, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offerings for you. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the purposes mentioned. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you may not be able to use all functions of our website.

 

6. Web and Newsletter Analysis

In order to gain insights into the usage of our website, improve our online offerings, and also engage with you through advertising on third-party websites or social media, we utilize the following web analysis tools and re-targeting technologies: Google Analytics and Mailchimp.

 

These tools are provided by third-party providers. Typically, the information collected for this purpose about website usage is transmitted to the third-party server through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad (e.g., Mailchimp in the USA).

 

Data transmission usually involves truncating IP addresses to prevent the identification of individual devices. The transfer of this information by third-party providers only takes place due to legal regulations or as part of order data processing.

 

6.1. Google Analytics

We use Google Analytics, the web analytics service provided by Google LLC, based in Mountain View, California, USA (Google Limited Ireland is responsible for Europe). To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=en. Google Analytics uses cookies, which are small text files that allow specific user-related information to be stored on the user's device. These enable an analysis of the usage of our website by Google. The information collected by the cookie about your use of our pages (including your IP address) is usually transmitted to a Google server in the USA and stored there. We note that Google Analytics on this website has been extended with the code "gat._anonymizeIp();" to ensure anonymized IP address collection (IP masking). When IP anonymization is active, Google shortens IP addresses within member states of the European Union or other states that are parties to the Agreement on the European Economic Area, making it impossible to draw conclusions about your identity. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google may potentially link your IP address with other data from Google. For data transfers to the USA, Google has committed to signing and adhering to EU Standard Contractual Clauses.

 

6.2. Google Maps

We use Google Maps (API) provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Limited Ireland is responsible for Europe). Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. When accessing the subpages containing Google Maps, information about your usage of our website (e.g., your IP address) is transmitted to servers of Google in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this association with your profile on Google, you must log out before activating the button. Google stores your data (even for non-logged-in users) as user profiles and evaluates them.

For data transfers to the USA, Google has committed to signing and adhering to EU Standard Contractual Clauses.

 

6.3. Social Media Plugins

Our website uses so-called social media plugins ("plugins") from third-party providers. The plugins are recognizable by the logo of the respective social network. Through the plugins, we offer you the opportunity to interact with social networks and other users. The following plugins are used on our website: Facebook, LinkedIn, etc. When you visit our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plugin (e.g., YouTube videos) is transmitted directly to your browser by the respective third-party provider and integrated into the page.

 

The data transfer for displaying content (e.g., publications on Twitter) occurs regardless of whether you have an account with the third-party provider and are logged in there. If you are logged in to the third-party provider, your data will also be directly associated with your existing account there. When you activate the plugins, the information is also published in the social network and displayed to your contacts. The purpose, scope of data collection, and further processing and use of the data by the third-party providers, as well as your related rights and privacy protection settings, are outlined in the data protection notices of the third-party providers. The third-party provider stores the data collected about you as user profiles and uses them for advertising, market research, and/or personalized design of its website. This evaluation is also conducted for non-logged-in users, particularly for targeted advertising and to inform other users of the social network about your activities on our website. If you wish to prevent the third-party providers from associating the data collected through our website with your personal profile in the respective social network, you must log out of the relevant social network before visiting our website. You can also prevent the loading of plugins entirely using browser add-ons like "Ghostery" (https://www.ghostery.com/) or "NoScript" (http://noscript.net/).

 

6.4. Newsletter Tracking

For sending our newsletter, we use the software Mailchimp, which allows newsletters to be sent and analyzed. To conduct this analysis, we collect device and access data. The newsletter includes a pixel for this purpose. The newsletter or the web pages accessible through this newsletter are also tracked with cookies. A pixel is an image file stored on the recipient's device.

 

With the help of these technologies, we receive information about whether the newsletter was delivered, opened, and which contents were clicked. We use this information to improve our newsletter and offerings.

 

7. Data Disclosure and Data Transmission

We only share your data with third parties when necessary for the provision of our services, when these third parties provide a service for us, when we are legally or regulatory obliged to do so, or when we have a predominant interest in disclosing personal data. We will also share personal data with third parties if you have given your consent or requested us to do so.

 

Not all personal data is transmitted encrypted by default. Unless explicitly agreed otherwise with the client, accounting data, payroll administration data, salary statements and certificates, as well as general email correspondences, are transmitted unencrypted.

 

The following categories of recipients may receive personal data from us:

• Service providers (e.g., IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).

• Third parties within the scope of our legal or contractual obligations, authorities, governmental institutions, courts.

 

We conclude contracts with service providers processing personal data on our behalf to ensure data protection. Our service providers are primarily located in Switzerland or the EU. Certain personal data may also be transmitted to the USA (e.g., Google Analytics data or Mailchimp) or in exceptional cases to other countries worldwide. If data transmission to other countries lacking adequate data protection levels is required, it will be carried out based on EU Standard Contractual Clauses (e.g., in the case of Google) or other suitable instruments).

 

8. Duration of Retention of Personal Data

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or for the purposes pursued with the processing. This means, for example, for the duration of the entire business relationship (from initiation, execution to termination of a contract) as well as according to legal retention and documentation obligations. It is possible that personal data will be retained for the period during which claims can be asserted against our company (especially during the statutory limitation period) and to the extent that we are otherwise legally obligated or have legitimate business interests (e.g., for evidence and documentation purposes). As soon as your personal data are no longer necessary for the above-mentioned purposes, they will be deleted or anonymized as a matter of principle and as far as possible. For operational data (e.g., system logs), generally shorter retention periods of twelve months or less apply.

 

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These measures include issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and controls.

 

10. Obligation to Provide Personal Data

As part of our business relationship, you must provide the personal data necessary for the establishment and execution of a business relationship and the fulfillment of associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will not be able to conclude or process a contract with you (or the entity or person you represent). The website also cannot be used if certain information necessary for ensuring data traffic (such as IP address) is not disclosed.

 

11. Your Rights

In connection with our processing of personal data, you have the following rights:

• Right to information about personal data stored about you, the purpose of processing, the origin, and recipients or categories of recipients to whom personal data are disclosed.

• Right to correction if your data is incorrect or incomplete.

• Right to restrict the processing of your personal data.

• Right to request the deletion of processed personal data.

• Right to data portability.

• Right to object to data processing or to revoke consent to the processing of personal data at any time without stating reasons.

• Right to lodge a complaint with a competent supervisory authority, if provided by law.

 

To exercise these rights, please contact the address provided in Section 1. Please note that we reserve the right to assert the legally provided restrictions ourselves, for example, if we are obligated to retain or process certain data, have an overriding interest (if we are entitled to do so), or need them to assert claims. If there are any costs for you, we will inform you in advance.
 

12. Amendment of the Privacy Policy

We expressly reserve the right to amend this privacy policy at any time.

Last modified: August 2023