With this Privacy Policy we inform which personal data we process in connection with our activities and activities including our taxreturnswitzerland.ch website. In particular, we provide information on what personal data we process, for what purpose, how and where. We also provide information about the rights of persons whose data we process.
Individual or additional activities and operations may be subject to further data protection declarations as well as other legal documents such as general terms and conditions (GTC), terms of use or conditions of participation.
We are subject to Swiss data protection law as well as any exceptionally applicable foreign data protection law, such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact addresses
Responsibility for the processing of personal data:
Tax Return Switzerland
Rene Steiner&Partner Gmbh
Brühlmattweg 1, 4107 Ettingen
Switzerland
info@taxreturnswitzerland.ch
We point out if there are other responsible parties for the processing of personal data in individual cases.
Data protection representation in the European Economic Area (EEA)
We have the following data protection representation in accordance with Art. 27 DSGVO. The data protection representation serves supervisory authorities and data subjects in the European Union (EU) and the rest of the European Economic Area (EEA) as an additional point of contact for inquiries relating to the General Data Protection Regulation (GDPR):
2. Terms and Legal Bases
2.1 Terms
Personal data is all information that relates to an identified or identifiable individual. A data subject is a person about whom personal data is processed.
Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, acquisition, collection, deletion, storage, modification, destruction and use of personal data.
The European Economic Area (EEA) includes the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal basis
We process personal data in accordance with Swiss data protection law, such as in particular the Federal Data Protection Act (DSG) and the Ordinance to the Federal Data Protection Act (DSV).
We process – if and to the extent that the General Data Protection Regulation (GDPR) is exceptionally applicable – personal data in accordance with at least one of the following legal bases:
• Art. 6 para. 1 lit. b DSGVO for the necessary processing of personal data for the performance of a contract with the data subject as well as for the implementation of pre-contractual measures.
• Art. 6 para. 1 lit. f DSGVO for the necessary processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests include, in particular, our interest in being able to carry out and communicate about our activities and operations in a sustainable, user-friendly, secure and reliable manner, ensuring information security, protecting against misuse, enforcing our own legal claims and complying with Swiss law.
• Art. 6 para. 1 lit. c DSGVO for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
• Art. 6 para. 1 lit. c DSGVO. Art. 6 para. 1 lit. e DSGVO for the necessary processing of personal data for the performance of a task carried out in the public interest.
• Art. 6 para. 1 lit. a DSGVO for the processing of personal data with the consent of the data subject.
• Art. 6 para. 1 lit. d DSGVO for the necessary processing of personal data to protect vital interests of the data subject or another natural person.
3. Nature, scope and purpose
We process those personal data that are necessary to carry out our activities and operations in a durable, user-friendly, secure and reliable manner. In particular, such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data as well as contract and payment data.
We process personal data for the period that is required for the respective purpose(s) or by law. Personal data whose processing is no longer required will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are, in particular, specialized providers whose services we use. We also ensure data protection with such third parties.
We only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons. Processing without consent may be permissible, for example, for the fulfillment of a contract with the data subject and for corresponding pre-contractual measures, in order to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily provides to us when contacting us – for example, by letter, e-mail, instant messaging, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or with comparable tools. If we receive data about other persons, the transmitting persons are obligated to ensure data protection vis-à-vis these persons as well as to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, insofar as and to the extent that such processing is permitted for legal reasons.
4. Applications
We process personal data about applicants to the extent that it is required for assessing their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data results in particular from the information requested, for example in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, in particular as part of cover letters, resumes and other application documents as well as online profiles.
We process – if and to the extent that the General Data Protection Regulation (GDPR) is applicable by way of exception – personal data about applicants in particular in accordance with Art. 9 para. 2 lit. b GDPR.
5. Personal data abroad
We process personal data in principle in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer Personal Data to other countries, in particular to process it or have it processed there.
We may export Personal Data to all states and territories on Earth as well as elsewhere in the universe, provided that the law there is compliant according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with Decision of the Swiss Federal Council, and – if and to the extent that the General Data Protection Regulation (GDPR) is exceptionally applicable – in accordance with Decision of the European Commission.
We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other appropriate safeguards. By way of exception, we may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements for this are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will be happy to provide data subjects with information about any guarantees or provide a copy of any guarantees.
6. Rights of data subjects
Data subjects about whom we process personal data have rights under Swiss data protection law. These include the right to information as well as the right to rectification, deletion or blocking of the personal data processed.
Data subjects whose personal data we process may – if and to the extent that the General Data Protection Regulation (GDPR) is exceptionally applicable – request confirmation free of charge as to whether we are processing personal data relating to them. In this case, data subjects may request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability, and have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
Data subjects whose personal data we process may – if and insofar as the GDPR applies by way of exception – revoke consent given at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects about whom we process personal data have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC).
7. Data Security
We implement appropriate technical and organizational measures to ensure the security of data in line with the associated risks. However, we cannot provide an absolute guarantee of data security.
Our website utilizes transport encryption (SSL/TLS) for secure access, particularly through the use of HTTPS. Most browsers indicate the presence of transport encryption with a padlock icon in the address bar.
It is important to note that our digital communication, like virtually all digital communication, is subject to surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, Europe, the United States, and other countries. We do not have direct control over the processing of personal data by intelligence agencies, law enforcement agencies, and other security authorities.
8. Website Usage
8.1 Cookies
We may employ the use of cookies, both our own (first-party cookies) and those from third parties whose services we utilize (third-party cookies). Cookies are data that are stored in the browser and are not limited to traditional text-based cookies.
Cookies can be stored temporarily as “session cookies” or for a specific period as “permanent cookies.” Session cookies are automatically deleted when the browser is closed, while permanent cookies have a designated storage duration. Cookies enable us to recognize a browser upon its subsequent visits to our website, allowing us to measure the reach of our website, among other things. Permanent cookies can also be used for online marketing purposes.
You have the option to completely or partially deactivate and delete cookies through your browser settings. However, please note that without cookies, our website may not be fully accessible. We actively seek explicit consent, if necessary, for the use of cookies.
For cookies used for performance and reach measurement, as well as advertising purposes, you can generally opt-out of numerous services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
For each access to our website, we may record the following information, provided that it is transmitted to our server infrastructure by your browser or can be determined by our web server: date and time (including time zone), Internet Protocol (IP) address, access status (HTTP status code), operating system (including user interface and version), browser (including language and version), individual sub-page accessed (including data transferred), and the previously accessed website in the same browser window (referer or referrer).
We store this information, which may also include personal data, in server log files. The information is necessary to ensure the continuous, user-friendly, and reliable provision of our website, as well as to maintain data security and protect personal data, including from third parties or with the assistance of third parties.
8.3 Tracking Pixels
We may utilize tracking pixels, also known as web beacons, on our website. Tracking pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can collect the same information as server log files.
9. Notifications and Messages
We send notifications and messages via email and other communication channels such as instant messaging or SMS.
9.1 Performance and Reach Measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked. These web links and tracking pixels may also track the usage of notifications and communications on a personal basis. We require this statistical usage data for performance and reach measurement purposes, enabling us to effectively and user-friendly deliver notifications and messages based on the recipients’ needs and reading habits, while maintaining their security and reliability.
9.2 Consent and Objection
Unless the use of your email address and other contact addresses is permitted for other legal reasons, you must provide explicit consent for their use. Whenever possible, we utilize the “double opt-in” procedure, which involves sending you an email with a web link that you must click to confirm, thereby preventing unauthorized third-party misuse. For evidence and security purposes, we may log such consents, including the Internet Protocol (IP) address, date, and time.
You have the right to object to receiving notifications and communications, such as newsletters, at any time. By exercising this objection, you can also opt-out of the statistical usage data collection for performance and reach measurement. However, certain notifications and communications related to our activities and operations may still be necessary.
9.3 Service Providers for Notifications and Communications
We utilize specialized service providers to send notifications and communications.
10. Social Media
We maintain a presence on social media platforms and other online platforms to engage with interested individuals and provide them with information about our activities and operations. Personal data may be processed outside of Switzerland and the European Economic Area (EEA) in connection with these platforms.
The terms and conditions, terms of use, privacy policies, and other provisions of the respective platform operators apply in each case. These provisions provide information regarding the rights of data subjects concerning the respective platform, which may include
11. Third Party Services
In order to ensure the durability, user-friendliness, security, and reliability of our activities and operations, we rely on specialized third-party services. These services enable us to incorporate features and content into our website. When such embedding occurs, the services used may temporarily record users’ Internet Protocol (IP) addresses for technical reasons.
For essential security, statistical, and technical purposes, the third-party services we utilize may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized format. This may include performance or usage data that allows us to provide the respective services.
Specifically, we utilize the following services:
– Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland. For more information on data protection, please refer to Google’s “Privacy and Security Principles,” Privacy Policy, “Google is committed to complying with applicable data protection laws,” “Privacy Guide in Google Products,” “How we use data from websites or apps where our services are used” (disclosures by Google), “Cookie types and other technologies used by Google,” and “Personalized advertising” (enable/disable/settings).
– Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland. For more information on data protection, please refer to Microsoft’s “Data protection at Microsoft” and “Data protection (Trust Center)” as well as their Privacy Policy.
11.1 Digital Infrastructure
To support our activities and operations, we rely on specialized third-party services to provide the necessary digital infrastructure. This includes hosting and storage services from selected providers.
For more detailed information, please contact us via email.
11.2 Contact Options
To enhance communication with third parties, including potential and existing customers, we utilize services from selected providers.
11.3 Digital Audio and Video Content
We utilize specialized third-party services to enable direct playback of digital audio and video content, such as music or podcasts.
Specifically, we utilize:
– YouTube: Video platform; Provider: Google. For YouTube-specific information, please refer to their “Privacy and Security Center” and “My Data on YouTube.”
11.4 Fonts
To incorporate selected fonts, icons, logos, and symbols into our website, we rely on third-party services.
Specifically, we utilize:
– Google Fonts: Fonts; Provider: Google. For Google Fonts-specific information, please refer to “Privacy and Google Fonts” and “Privacy and Data Collection.”
– MyFonts (by Monotype): Fonts; Provider: Monotype Imaging Holdings Inc (USA) / MyFonts Inc (USA). For privacy disclosures, please refer to “Your Privacy,” Privacy Policy, and “Web Font Tracking Privacy Policy.”
11.5 E-Commerce
As part of our e-commerce activities, we utilize third-party services to effectively deliver services, content, or merchandise.
Specifically, we utilize:
– Getback: “Conversion Optimization Technology,” for example, for shopping cart reminders; Provider: adfocus GmbH (Switzerland). For data protection information, please refer to their Privacy Policy and “How Getback Works.”
11.6 Advertising
We take advantage of targeted advertising opportunities on third-party platforms, such as social media platforms and search engines, to promote our activities and operations.
Our goal is to reach individuals who are already interested in or might be interested in our activities and operations (remarketing and targeting). To achieve this, we may share relevant, possibly personal, information with third parties that facilitate such advertising. Additionally, we can assess the effectiveness of our advertising campaigns, particularly in terms of driving website visits (Conversion Tracking).
Please note that when you are logged in as a user on platforms where we advertise, those platforms may associate your use of our online offerings with your profile.
Specifically, we utilize:
– Facebook advertising (Facebook Ads): Social media advertising; Provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA). For data protection information, including remarketing and targeting with the Facebook Pixel and Custom Audiences including Lookalike Audiences, please refer to their privacy policy and “advertising preferences” (user registration required).
– Google Ads: Search engine advertising; Provider: Google. For Google Ads-specific information, including advertising based on search queries using various domain names such as doubleclick.net, googleadservices.com, and googlesyndication.com, please refer to “Advertising” (Google) and “Why am I seeing a particular ad?”
– LinkedIn Ads: Social media advertising; Provider: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland). For privacy disclosures, including remarketing and targeting, please refer to their documentation.
12. Participation in Affiliate Programs
We participate in affiliate programs, which involve two aspects. Firstly, we may receive compensation for referring or linking to third-party offers. Secondly, we may compensate third parties for referring to our activities and operations or linking to our online offerings (affiliate marketing). In this context, we may collect, on a personal basis, information about the offers that are taken up and the web links that are followed.
13. Website Extensions
To enhance our website’s functionality, we utilize extensions that provide additional features.
Specifically, we utilize:
– Google reCAPTCHA: Spam protection that distinguishes between genuine comments from humans and unwanted comments from bots or spam. Provider: Google. For more information about Google reCAPTCHA, please refer to “What is reCAPTCHA?”
14. Performance and Reach Measurement
To assess how our online offerings are used, we employ services and programs for performance and reach measurement. This enables us to measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. Additionally, we can conduct A/B tests to compare different versions of our online offerings or specific parts of our online offerings. Based on the results of performance and reach measurement, we can address errors, enhance popular content, and improve our online offerings.
When using services and programs for performance and reach measurement, we store the Internet Protocol (IP) addresses of individual users. IP addresses are generally anonymized through IP masking to prioritize data minimization and enhance user data protection.
Cookies may be employed, and user profiles may be created when utilizing services and programs for performance and reach measurement. User profiles may include information such as visited pages, viewed content, screen size, browser window size, and approximate location. User profiles are strictly pseudonymous and are not used for identifying individual users. If users are registered with specific third-party services, those services may associate the use of our online offerings with the user’s account or profile.
Specifically, we utilize:
– Google Analytics: Performance and reach measurement. Provider: Google. Google Analytics-specific information includes cross-device tracking and pseudonymized IP addresses. In exceptional cases, full IP addresses are transmitted to Google in the USA. For more information, please refer to their “Privacy Policy” and the “Browser Add-on to disable Google Analytics.”
– Google Tag Manager: Integration and management of various services for performance and reach measurement, as well as other services from Google and third parties. Provider: Google. For information about data collected with Google Tag Manager, please refer to the respective integrated and managed services’ privacy policies.
15. Final Provisions
We reserve the right to modify and supplement this privacy policy as needed. Any adjustments and additions will be communicated appropriately, particularly by publishing the updated privacy policy on our website.