PRIVACY POLICY

The following text is intended to provide you information concerning how we process your personal data in connection with our website.

CONTROLLER

Eskpert SA

Case postale 46
40, ch.des Pralies
CH-1279 Bogis-Bossey
info@ekspert.ch

CONTACT THE DATA PROTECTION OFFICER

GDPR@ekspert.ch

WHEN DO WE PROCESS WHAT PERSONAL DATA

We process your personal data in the situations set out below:

  • When you visit our website, the browser in use on your device automatically sends information to our website’s server. This information is stored temporarily in a so-called “log file”. As part of this process, the following information is collected without action on your part and stored until it is automatically erased:
  • IP address of the referring computer;
  • Date and time of access;
  • Name and URL of files accessed;
  • Website from which access was initiated (referrer URL);
  • Browser used and, if applicable, your computer’s operating system as well as the name of your service provider.
  • In addition, we use cookies and analytical services when you visit our website. More information on this topic is included under the heading “Analytical tools”.
  • In the case of any questions, we offer you the opportunity to contact us using a form available on the website. You must include a valid e-mail address and your name on the contact form so that we know who sent the request and are able to respond. Additional information may be provided on a voluntary basis.
  • If you are interested in sending us an application in response to an advertised vacancy or as an unsolicited application, we will process any documents you send us along with your personal data.

In the case of unsolicited applications, we require your name, address and other contact details, date and place of birth, citizenship and documents related to your qualifications. In addition, you may send us other information on a voluntary basis that you believe may be beneficial in connection with evaluating an employment relationship with us.

  • Should you be an employee of our customer, you can view your payslip online in our portal and download this. It goes without saying that we as the order processor of your employer comply with all data protection regulations and provide technical and organisational measures in order to protect your data to the greatest degree possible. The data which is entered during the course of the registration carried out by us which can be viewed in the entry mask of the registration form (login name / password) and the data which can be found in the portal is only gathered and saved for the use of our services. We also gather protocol data such as your IP address and the date and time of your registrations, in order to spot any attempts at fraud.

PURPOSE OF DATA PROCESSING

We use personal data you have actively provided us only for the specifically agreed purpose and only to the extent necessary.

  • We process such data for the following purposes:
    • To ensure a smooth connection to the website
    • To ensure convenient use of our website;
    • To evaluate system security and stability as well as or additional administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.

Our legitimate interest follows from the purposes listed above for data collection.

Under no circumstances do we use the data collected for the purpose of

identifying you personally.

  • Data processing for the purpose of contacting us is carried out in the context of authorised steps prior to entering into a contract in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR. When a contract is concluded, the data can be entered into our customer support system. Data is not processed for any other purposes.
  • Data processing for the purpose of sending product information is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b) & f) GDPR as part of authorised steps prior to entering into a contract. You will be added to our customer database and contacted.
  • Data processing serves the purpose of establishing and implementing an employment relationship in accordance with Art. 88 GDPR in conjunction with § 26 Federal Data Protection Act (BDSG). In the event of a positive decision, your personal data is included in our personnel file and is used for purposes of the “employee administration” process.
  • Should you be registered with us, we use your data in order to manage your account and to provide your payslips and to cover ourselves in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR should a third party misuse your data and log into our site with this data without your knowledge.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Your personal data will not be transferred to third parties for purposes other than those listed below to the following categories of recipients:

We will only share your personal data with third parties if:

  • You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR;
  • Disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
  • In the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, and
  • This is legally permissible and is necessary for the management of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.
  • Data will only be transferred to third countries if you have given your consent.

PERIOD FOR WHICH PERSONAL DATA IS STORED

  • Cookies are stored in your browser as so-called session cookies so that your browser automatically deletes them after leaving our website. In this case, the duration of storage depends on the technical functionality of the browser you are using.
  • Personal data transmitted to us in connection with a contact request on our website will only be stored for the time needed to process the request. When a contract is concluded, the data you provide may be regularly stored in our customer support system for 10 years, unless there is another legal obligation that obliges us to store it for a longer period of time.
  • In the case of a

Rejection: Personal data collected will be stored for at least three months. The longest storage period is a maximum of six months.

Hiring: Our retention periods apply. The information you are entitled to will be provided to you upon hiring.

  • Personal data transmitted to us in connection with registration on our website will only be stored for as long as the account is active. When a contract is concluded, the data you provide may be regularly stored in our customer support system for 10 years, unless there is another legal obligation that obliges us to store it for a longer period of time
  • Please note that we delete your data if their storage is inadmissible (especially if the data is incorrect and correction is not possible). Data will be blocked rather than erased if legal or actual barriers prevent erasure (e.g. special storage obligations due to commercial and tax regulations).

RIGHT TO OBJECT

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to GDPR@ekspert.ch

RIGHT TO INFORMATION, RECTIFICATION, ERASURE, RESTRICTION

Data subjects have the right to receive information concerning their personal data as well as the right to rectification, erasure or restriction of processing. Furthermore, data subjects have the right to object to processing.

RIGHT TO DATA PORTABILITY

Data subjects have a right to data portability.

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITIES

You have the right to lodge a complaint with the supervisory authorities.

PROVIDING PERSONAL DATA

You are under no legal obligation to provide personal data.

AUTOMATED DECISION-MAKING, INCLUDING PROFILING

Under certain circumstances, an automated profile can be created with the aim of evaluating personal aspects. We use these profiling measures in the following cases:

On the basis of legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and financial crimes. Data analyses (e.g. comparison to legally prescribed lists) are also carried out.

ANALYTICAL TOOLS

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, nor do they contain viruses, Trojans or other malware.

Information is stored in the cookie that is created in connection with the specific device you are using. However, this does not mean that we receive direct information regarding your identity.

The use of cookies serves on the one hand to make the use of our website more attractive for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These will be deleted automatically after leaving our site.

In addition, we also use temporary cookies that are stored on your device for a specified period of time to optimise user-friendliness. If you visit our site again to use our services, it will automatically recognise that you have already visited us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and for evaluation purposes in order to optimise our website for your use (see Section 5). These cookies enable us to automatically recognise that you have already visited our website upon any future visits. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you will not be able to use all the features of our website.

DATA PROTECTION DECLARATION GOOGLE MAPS

This website uses the product Google Maps of Google Inc. By means of your use of this website, you are declaring your agreement to the recording, processing and use by Google, its representatives and third parties of the data which is gathered automatically.

The use of « Google Maps » and the information obtained via « Google Maps » takes place in accordance with the terms and conditions of use of Google

http://www.google.de/intl/de/policies/terms/regional.html

and the additional terms and conditions of business for « Google Maps »

https://www.google.com/intl/de_de/help/terms_maps.html.

ANALYSIS TOOLS

Tracking Tools

The tracking measures listed below and used by us are carried out in on the basis of Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. By means of the tracking measures which are used, we wish to ensure that our website is tailored to customer requirements and constantly optimised. We also use the tracking measures in order to statistically record the use of our website and in order to evaluate this for the purpose of optimising our services for you. These interests are considered to be legitimate under the regulation referred to above.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Social media plugins

On the basis of Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, we use social plugins of the social networks Facebook, Twitter and Instagram, in order to raise awareness of our company. The underlying promotional purpose is considered to be a legitimate interest under the GDPR. The responsibility for operation in accordance with data protection laws must be ensured by the respective provider. The inclusion of these plugins by takes place in the course of the so-called double click method in order to protect visitors to our website as best as possible.

Facebook

Social media plugins of Facebook are used on our website, in order to make the use of it more personal. For this purpose, we use the « LIKE » or « SHARE » button. This is a service provided by Facebook.

Should you access a site of our Internet presence which contains such a plugin, your browser establishes a direct connection to the servers of Facebook. The content of the plugin is transferred directly to your browser by Facebook and integrated into the website by this.

By means of the inclusion of the plugin, Facebook is informed that your browser has accessed the corresponding site of our Internet presence, even if you do not hold a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transferred directly by your browser to a server of Facebook in the USA and saved there.

Should you be logged in to Facebook, Facebook can directly assign the visit to our website to your Facebook account. Should you interact with the plugins, for example by clicking on the « LIKE » or « SHARE » button, the corresponding information is also transferred directly to a server of Facebook and saved there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research and designing the Facebook pages in accordance with customer requirements. For this purpose, use, interest and relationship profiles are created by Facebook, for example in order to evaluate your use of our website in relation to the adverts included in your Facebook profile, to inform other Facebook users of your activities on our website and to provide other services connected to the use of Facebook.

Should you not wish for Facebook to assign the data gathered via our web presence to your Facebook account, you need to log out of Facebook before visiting our website.

The purpose and scope of the data gathering and the further processing and use of the data by Facebook and your rights and settings options in this respect in order to protect your private sphere can be found in the data protection notices of Facebook

(https://www.facebook.com/about/privacy/).

Twitter

Plugins of the messaging network of Twitter Inc (Twitter) are integrated into our Internet sites. The Twitter plugins (tweet button) can be recognised from the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons).

Should you access a site of our Internet presence which contains such a plugin, a direct connection is established between your browser and the Twitter server. By means of this, Twitter is informed that you have visited our site with your IP address. Should you click on the Twitter « tweet button » whilst you are logged into your Twitter account, you can link the contents of our sites to your Twitter profile. By means of this, Twitter can assign your visit to our sites to your user account. We wish to point out that as the provider of the sites, we are not informed of the content of the transferred data or its use by Twitter.

Should you not wish for Twitter to be able to assign the visit to our sites, please log out of your Twitter user account.

You can find more information in this respect in the data protection declaration of Twitter (https://twitter.com/privacy).

LinkedIn

We use components of the network LinkedIn on our site. LinkedIn is a service of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time our website which contains such components is accessed, these components make the browser used by you download a corresponding display of the components of LinkedIn.

By means of this process, LinkedIn is informed which concrete site of our Internet presence is currently being visited. Should you click on the LinkedIn « recommend button » whilst you are logged into your LinkedIn account, you can link the contents of our sites to your LinkedIn profile. By means of this, LinkedIn is able to assign the visit to our sites to your LinkedIn user account.

We have no influence over the data which LinkedIn gathers in the process or other the scope of this data which is obtained by LinkedIn. We also have no knowledge of the content of the data which is transferred to LinkedIn. Details concerning the data gathering by LinkedIn, as well as your rights and settings options can be found in the data protection notices of LinkedIn. You can find these notices at: http://www.linkedin.com/legal/privacy- policy

DATA SECURITY

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. In most cases, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a particular page of our website is transmitted in encrypted form is indicated by showing a locked key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in keeping with technological developments.

GOOGLE FONTS

We use « Google Fonts » on our website. These are fonts of the provider Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – « Google »). We do this so that our Internet presence can be loaded as seamlessly and clearly as possible.

For the purpose of the display, a connection is established between your browser and the server of Google. The content of this communication is the IP address. The legal basis for the processing actions named above is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, by means of which we claim our legitimate interest in a standardised display.

You can find the opt out option in this respect here:

https://adssettings.google.com/authenticated. You can also send your objection in this respect to us at any time.

Further information concerning data protection at Google can be found at: https://www.google.com/policies/privacy/

Data Processing for applicants

Notice on data processing

In order to meet our information requirements outlined in Articles 12, 13 of the General Data Protection Regulation (GDPR) in relation to your application, we would like to make our information on data protection available to you here:

Who is in charge of data processing?

The person and / or entity in charge in the sense of the General Data Protection Regulation is the following:

ekspert SA
Ch. des Pralies 40, Case postale 46
1279 Bogis-Bossey
Tél. +41 22 960 18 61
info@ekspert.ch

Which of your data is processed by us? And for what purposes?

If we have received data from you, we will as a matter of principle only use if for the purposes for which you have provided said data or for which said data has been collected.

These purposes usually include:

  • Basis and implementation of an employment relationship in the course of an application process initiated by yourself or in response a vacancy advertised.
  • Entry into our applicant pool.

This data usually includes:

  • First name / surname
  • Address
  • Date of birth
  • Email address
  • Earliest start date
  • Qualification documents

In addition to this, you may provide data voluntarily that, in your view, may be beneficial to the formation of the employment relationship between you and us.

Data processing for other purposes only becomes an option when this is based on the legal guidelines required in accordance with Article 6, Paragraph 4 GDPR. It goes without saying that we will respect any and all information requirements arising from Article 13, Paragraph 3 GDPR and Article 14, Paragraph 4 GDPR.

What is the legal basis for this?

The legal basis for the processing of personal data is general the contractual relationship in accordance with Article 6 Paragraph 1 lit. b GDPR in relation to Article 88 GDPR and Article 26 of the German Federal Data Protection Act (BDSG). Should your application be successful, your personal data shall be entered into our personnel file, and it shall be used for the purpose of “personnel management” processes. Should your application not be successful, we shall retain your data in our talent pool on the basis provided by Article 6 Paragraph 1 lit. f GDPR, provided that your profile should continue to be of interest to us for future vacancies. When we process your data in this manner on the basis of balancing of interests, you as the party concerned, you have the right to object the processing of your personal data in consideration of the regulations of Article 21 GDPR. If you wish to object, please email gdpr@ekspert.ch.

For how long is this data stored?

In the event of a negative reply, personal details will be

  • stored for: A minimum of three months. The longest storage duration, in turn, is six month.
  • For further consideration: If your profile is of particular interest to us but we do not currently have any vacancies to offer you, we would like to add you to our pool of applicants. In this case, we shall store and utilise your data for a maximum of two years while we shall, however, contact you every six months in order to inform you of the data in our applicant pool. Should you not agree with this processing of your data, you may object at any time.
  • Hiring: For our staff our own retention periods apply. The information to which you are entitled shall be made available to you upon hiring.

To which recipients is this data passed on?

As a rule, personal data is not passed on to a third party.

Where is the data processed?

Your personal data is processed exclusively in data centres in the European Economic Area, and as such, the General Data Protection Regulation is applicable at all times.

Your rights as the “affected”

You have to the right of information as to the personal data processed by us for you.

Should such details be requested in non-written form, we would ask you to be understand of the fact that you may be asked to prove that you are the person whom you say you are.

Furthermore, you have the right to correction or deletion or to limitation of the processing of your data provided that you are legally entitled to this.

Furthermore, you have the right to object the processing of your data within the framework of the legal regulation. The same shall apply for the right of data portability.

Notably, you have the right to object the processing of your data in accordance with Article 21 Paragraphs 1 and 2 GDPR in relation to direct advertising when this is done on the basis of balancing of interests.

Our data protection officer

We have appointed an external data-protection officer at our company. They may be contacted in the following ways: gdpr@ekspert.ch

Right to file a complaint

You have the right to file a complaint with the regulator for data protection regarding the processing of your personal data by us.

Data Processing for Clients

Basics of data processing

We would like to hereby inform you about the use of your personal data. In order to meet our information requirements outlined in Articles 12, 13 of the General Data Protection Regulation (GDPR), we would like to make our information on data protection available to you here:

Who is in charge of data processing?

The person and / or entity in charge in the sense of the General Data Protection Regulation is the following:

ekspert Deutschland GmbH Berliner Allee 26 13088 Berlin Germany +49 (0) 30 364281831 info.de@ekspert.de

Which of your data is processed by us? And for what purposes?

If we have received data from you, we will as a matter of principle only use it for the purposes for which you have provided said data or for which said data has been collected.

These purposes usually include:

  • Communication and fulfilment of contracts
  • Information on our products and services
  • Payroll accounting for clients
  • Financial accounting for clients
  • Administrative service
  • Personnel management for clients
  • Tasks carried out by our Swiss-based site: Money movement

This data usually includes:

  • Contact details (e.g. email address, telephone number, mobile phone number, …)
  • Your master data (e.g. name, surname, title, form of address, …)
  • Your employee data (e.g. surname, first name, date of birth, tax- and social security related data, …)

and other personal data that you communicate to us. Please be aware that we cannot list all the data that might potentially be collected. We only collect data that you actively communicate to us or that is in the public domain.

Data processing for other purposes only becomes an option when this is based on the legal guidelines required in accordance with Article 6, Paragraph 4 GDPR. It goes without saying that we will respect any and all information requirements arising from Article 13, Paragraph 3 GDPR and Article 14, Paragraph 4 GDPR.

What is the basis for this?

The legal grounds for the processing of personal data in its general form is provided by Article 6 GDPR – unless specific legal regulations already exist. In this context, especially the following may apply:

* Consent (Article 6 Paragraph 1 lit. a GDPR)

* Data processing for the purpose of fulfilling contracts (Article 6 Paragraph 1 lit. b) GDPR

* Data processing based on the balancing of interests (Article 6 Paragraph 1 lit. f) GDPR)

* Data processing for the purpose of fulfilling legal obligations (Article 6 Paragraph 1 lit. c) GDPR)

If personal details provided on the basis of your consent should be processed, you shall have the right to withdraw your consent with us at any time regarding future use of your data.

We justify our legitimate interest in accordance with recital 47 of the GDPR. We have a legitimate interest in informing our clients about our products and our service via communication channels. As the party concerned, you have the right to object the processing of your personal data in consideration of the regulations of Article 21 GDPR.

For how long is this data stored?

We process your data for as long as this is necessary for the purpose in question.

Should legal retention requirements exist – e.g. In trade legislation or tax legislation – then the relevant personal data will be stored for the duration of the legal retention period. Once said legal retention period has expired, we shall check whether or not the necessity of processing your data continues to exist. Should such a necessity not exist, your data shall be deleted.

As a rule, we check data towards the end of the calendar year in order to determine whether or not there is a need for its continued processing. Given the quantity of data, this examination shall be carried out regarding specific types of data or specific purposes for processing.

It goes without saying that you may (see below) Demand information regarding the data stored for you, and in the event that there is no need for your data, you may demand that said data be deleted or that its processing be limited.

To which recipients is this data passed on?

As a rule, data shall only be passed on to a third party where this is necessary in order to fulfil the contract with you, when the sharing of data based on the balancing of interests in the sense of Article 6 Paragraph 1 lit. f GDPR is permissible, when we are required by law to pass on your data or to the extent to which you have consented.

Categories of such recipients for the example of payroll for clients would be the respective healthcare providers, pension funds, social security, and tax-related authorities.

Where is the data processed?

Your personal data is processed exclusively in data centres in the European Economic Area, and as such, the General Data Protection Regulation is applicable at all times.

Your rights as the “affected”

You have to the right of information as to the personal data processed by us for you.

Should such details be requested in non-written form, we would ask you to be understanding of the fact that you may be asked to prove that you are the person whom you say you are.

Furthermore, you have the right to correction or deletion or to limitation of the processing of your data provided that you are legally entitled to this.

Furthermore, you have the right to object the processing of your data within the framework of the legal regulation. The same shall apply for the right of data portability.

Notably, you have the right to object the processing of your data in accordance with Article 21 Paragraphs 1 and 2 GDPR in relation to direct advertising when this is done on the basis of balancing of interests.

Our data protection officer

We have appointed an external data-protection officer at our company. They may be contacted in the following ways:

FKC Management Systems Consultancy LLC (GmbH)
Eschenburgstr. 5
23568 Lübeck, Germany
Email: dsgvo@ekspert.de

Right to file a complaint

You have the right to file a complaint with the regulator for data protection regarding the processing of your personal data by us.

VALIDITY AND CHANGES TO THIS PRIVACY POLICY

This data protection declaration is currently valid and is dated May 2018.

Due to the further development of our website and the services which it offers or due to amended legal regulations or rules issued by the authorities, it may become necessary to amend this data protection declaration. The respective up-to-date data protection declaration can be accessed and downloaded via the website at any time.

En visitant ce site, vous acceptez l'utilisation de cookies afin de vous proposer des services et des offres adaptés à vos préférences. En savoir plus