Privacy Policy

SWA Swiss Auditors Ltd (hereinafter «SWA», «we» or «us») operate the website « https://www.swa-audit.ch/» (hereinafter the «SWA Website») and process personal data in connection with the SWA Website and in the context of rendering its services.

Your trust is important to us, which is why we take the protection of data seriously and ensure appropriate security. We observe the statutory provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and any other applicable data protection provisions.

SWA is responsible for the processing of personal data. If you have any questions regarding data protection, you can contact us by post or e-mail at the addresses below:

Post:
Bahnhofstrasse 3
Postfach 347
CH-8808 Pfäffikon SZ

E-Mail:
info@swa-audit.ch

A) Processing of personal data when visiting the SWA Website

1. What data do we collect from you when you access the SWA Website?

In order to enable you to establish a connection to the SWA Website and to ensure its secure use (in particular, system security and system stability), our servers temporarily save each access through our web hosting provider (OptimaNet Schweiz AG) to a log file when you visit the SWA Website. As is generally the case with every connection to a web server, the following technical data is automatically recorded without your intervention and stored until automated deletion:

  • IP address of the requesting computer;
  • Name of the owner of the IP address range (usually your Internet access provider);
  • Date and time of access;
  • Website from where the access was made (referrer URL), if applicable with the search word used;
  • Name and URL of the file accessed;
  • Status code (e.g. error message);
  • Operating system of your computer;
  • Browser used by you (type, version and language);
  • Transmission protocol used by you (e.g. HTTP/1.1).

For the avoidance of unauthorized access, and unless already deleted automatically, the IP address of the requesting computer may be evaluated together with other data in the event of attacks on the network infrastructure or other unauthorized use of the SWA Website and may be used in related criminal or civil proceedings against the users concerned. In this case, the data may be stored for as long as they are necessary for the civil or criminal proceedings.

The web hosting provider stores this data for thirty calendar days. It is possible that some of this data is also collected via tracking tools used by us and is therefore stored for longer.

2. Do we use cookies and tracking tools?

We use cookies and tracking tools on the SWA Website. In particular, we use the following cookies:

  • Advertising cookies (in particular Google reCaptcha);
  • Website analytics (in particular Google Analytics);
  • CDN cookies (in particular Google API and Google Static).

We also use the website analysis tool Google Analytics for the purpose of demand-oriented design and continuous optimisation of the SWA Website. Google Analytics uses cookies to generate information about your use of the SWA Website. This information is transmitted to Google, stored there and processed for us. In addition to the data listed under A) 1, we may receive the following information as a result:

  • Navigation path that a visitor takes on the website;
  • Time spent on the website or subpage;
  • The subpage on which the website is left;
  • The country, region or city from which access is made;
  • End device (type, version, colour depth, resolution, width and height of the browser window); and
  • Returning or new visitors.

The information is used to analyse the use of the SWA Website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of the SWA website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymisation (“anonymizeIP”) on this SWA Website. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these cases, we use contractual guarantees to ensure that Google Inc. complies with an adequate level of data protection. According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user.

Further information about the web analysis service used can be found on the Google Analytics website. You can find instructions on how to prevent the processing of your data by the web analysis service at http://tools.google.com/dlpage/gaoptout?hl=en.

If you block cookies, certain functions may no longer work.

3. What personal data is processed through the integration of links to third party websites?

We have included links to social media (e.g. LinkedIn and Facebook) or applications (e.g. Outlook e-mail) from third parties in various places on the SWA Website. If you access such links from our SWA Website, data may be passed on to the owner of the website you are accessing. We have no influence on the data processing by the operators of such websites. Please read the respective privacy policy of the operators of the relevant website.

B) Processing of personal data when contacting or working with SWA

We process personal data that we receive from you as a client or from third parties involved as part of the client relationship, or that we collect ourselves in order to manage a mandate that may have been granted to us. In particular, this is case if:

  • You contact us;
  • You engage third parties to provide us with information;
  • You enter a contract with us; or
  • We have an investigation mandate regarding a company for which you work or with which you have business relations.

In addition to the personal data provided to us in the context of a contractual relationship, we also collect data (i) from publicly accessible sources (e.g. public registers, press, internet databases), (ii) from authorities or (iii) from third parties involved in the provision of our services. We process the aforementioned types of personal data in order to provide, document and invoice our services. Please note that you are responsible for personal data that you provide to us (e.g. personal data of employees of your company) and that you must fulfil your own information obligations in this regard.

C) What personal data do we process when you register for an event?

We regularly organise and take part in events. For this purpose, we may need the following information for the organisation of such events:

  • Last name;
  • First name;
  • Email address.

We only use this data and any additional data provided by you to enable you to take part in an unforgettable event. We only process this data if you send it to us for participation in the event.

D) What personal data do we process when you apply for a job with us?

We are always looking for motivated employees and would be delighted to receive your application. So that we can keep the application process as simple as possible, we particularly process the following information about you:

  • Salutation;
  • Last name;
  • First name;
  • Street;
  • Postcode;
  • City;
  • Country;
  • Telephone number;
  • E-mail address;
  • Curriculum vitae;
  • Diplomas / certificates;
  • Letter of motivation.

We only use this data and other data you provide voluntarily (e.g. date of birth, link to LinkedIn profile) to review your application and the associated application process. If your application is successful, we will keep this information in your personnel file. If, unfortunately, an employment relationship is not established, we will retain your application data for a period of 3 months and then delete it, unless we have agreed otherwise with you individually.

E) Do we pass on your personal data to third parties?

We only pass on your personal data to third parties if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce rights, in particular to enforce claims arising from a contractual relationship. In addition, we pass on your personal data to third parties insofar as this is necessary in the context of using the SWA Website and to fulfil our legal and contractual obligations. These are the following categories of possible recipients: external service providers, clients, counterparties and their legal representatives, business partners (with whom we provide legal services), authorities and courts as well as counterparties and their legal representatives.

F) Are personal data being transferred abroad?

We process personal data primarily in Switzerland. However, it is possible that we transfer your personal data to contracted service providers abroad for the purpose of using isolated software services (e.g. for video conferences, etc.) and for the fulfillment of the data processing activities described in this Privacy Policy. These service providers and third parties are generally bound by data protection obligations to the same extent as we are. To the extent that the level of data protection in a country is not equivalent to that in Switzerland, we will only transfer your personal data abroad based on consent, adequacy decision, standard contractual clauses, or if it is necessary for the performance of a contract or the enforcement of legal claims. In particular, personal data is processed by third-party service providers in Albania and Switzerland as part of the operating of the SWA Website (e.g. securing and functions of the SWA Website). We have concluded contractual arrangements with such third parties to ensure an appropriate level of data protection.

For the sake of completeness, we would like to point out to SWA Website visitors residing or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities that generally allow the storage of all personal data of all persons, whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception on the basis of the objective pursued and without an objective criterion that makes it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that justify the interference associated with both access to this data and its use. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision to consent to the use of your data.

We would like to point out to users residing in a member state of the EU or Switzerland that, from the perspective of Switzerland and the European Union, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this Privacy Policy that recipients of data (such as Google Analytics) are based in the USA; we will ensure by means of suitable guarantees and technical and organisational measures that your data is protected with an adequate level of data protection by our partners.

G) How long do we store personal data?

In principle, we only store your personal data for as long as is necessary for the purposes described in the Privacy Policy or for as long as there is a statutory or officially ordered retention or documentation obligation. We may also store your data for as long as we have an overriding interest in doing so. For example, we have an overriding private interest if we store your contact details in our contact database in order to work with you again in the future or to stay in touch for other reasons.

H) What are your rights as a data subject?

You have the right to receive information about your personal data processed by us upon request. In addition, you have the right to have incorrect personal data corrected and to have your personal data deleted, provided that this does not conflict with any statutory or officially mandated retention or documentation obligations or authorisation (e.g. an overriding private interest). You also have the right to have an objection notice attached. You also have the right to request that we return the personal data that you have transmitted to us. On your instruction, we will also pass on your personal data to a third party of your choice. You also have the right to receive the digitally transmitted personal data in a standard file format. You can contact us for the aforementioned purposes at the above-mentioned email address. Please note that legal and/or contractual requirements and exceptions apply to these rights. To the extent permitted or required by law, we may refuse requests to exercise these rights. For example, we may have to retain or otherwise continue to process personal data for legal reasons despite requests to erase or restrict processing.

I) How secure is your personal data?

We use suitable technical and organisational security measures to protect your personal data stored by us against manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continuously reviewed and improved in line with technological developments. We would like to point out that we may use external IT service providers and cloud providers with servers in Switzerland in the course of our mandate management. We then use certain IT services and means of communication that may be associated with data security risks (e.g. e-mail, video conferencing, etc.). If you use such means of communication with us, we assume that you accept the associated data security risks. Should you require special security measures, please inform us accordingly.

J) Can this Privacy Policy be amended?

This Privacy Policy provides information about the type, scope and purpose of the use of personal data by us. We reserve the right to unilaterally amend the content of the aforementioned Privacy Policy at any time and without prior notice. This Privacy Policy was last amended on 20 October 2023.