
Privacy Policy

In this privacy policy, we, Format A AG, Wiesenstrasse 9, 8008 Zurich (hereinafter referred to as Format A/we/us/our), describe how we collect and process personal data. This privacy policy does not constitute a conclusive description; specific matters may be regulated in other declarations relating to data protection as well as the General Terms and Conditions (GTC). For the purposes of this privacy policy, personal data means any information relating to an identified or identifiable individua

1. Body responsible and contact 

Unless otherwise stated in individual cases, Format A is responsible for the data processing described here. Enquiries regarding data protection may be sent to us by letter or e-mail, whereby a copy of the user's ID or passport must be enclosed for identification purposes: Format A AG, Wiesenstrasse 9, 8008 Zurich, Switzerland. Phone +41 (0)44 268 69 00 / info@format-a.ch

2. Collection and processing of personal data

We collect and process personal data in the following processing categories in particular (not exhaustive):

  • Customer data of customers for whom we provide or have provided services.
  • Personal data which we have received indirectly from our customers while providing the service.
  • When you visit our website or use our newsletter.
  • When participating in an event organised by us.
  • During communications or visits.
  • In the case of other contractual relationships, e.g. as a supplier, service provider or consultant.
  • For job applications.
  • If we are required to do so for legal or regulatory reasons.
  • If we are carrying out our due diligence or pursuing other legitimate interests, for example to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights. 

More detailed information is provided in the description of the respective processing categories in point 5.

3. Categories of personal data 

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people who have a relationship with you. This information may also be sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process them (non-exhaustive list):

  • Contact information (e.g. surname, first name, address, telephone number, e-mail).
  • Customer information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV [Swiss social security] number).
  • Risk assessment data (e.g. credit rating information, commercial register data).
  • Financial information (e.g. data on bank accounts, investments or shareholdings).
  • Client engagement data, depending on the mandate (e.g. tax information, articles of association, minutes, projects, contracts, employee data (e.g. salary, social security), accounting data, beneficial owners, ownership structure).
  • Website data (e.g. IP address, device information (UDI), browser information, website usage (analysis and use of plugins, etc.)).
  • Job application data (e.g. CV, references).
  • Marketing information (e.g. newsletter registration).
  • Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists).

Insofar as it is permitted by law and necessary for the provision of our services, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from our customers and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data about you that you give us directly, the categories of personal data about you that we receive from third parties include, in particular, information from public registers, information that we acquire in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, credit information, information about you that is given to us by people close to you (family, friends and acquaintances) (e.g. so that we can conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information, information about you provided to us by people close to you (family, advisors, legal representatives, etc.) so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney), information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the utilisation or provision of services by you (e.g. payments or purchases made), information from the media and Internet on your person (insofar as this is indicated in the specific case, e.g. in the context of a job application, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location details).

4. Purposes of data processing and legal basis

4.1. Provision of services

We primarily process the personal data which we receive from our customers and business partners in the context of our client relationships and other contractual relationships respectively as well as from other individuals involved in these relationships.

Our customers’ personal data comprises, in particular, the following information:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information).
  • Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances, etc.).
  • Risk assessment data (e.g. credit rating information, commercial register data, sanctions lists, specialised databases, data from the internet).
  • Financial information (e.g. data on bank accounts, investments or shareholdings).
  • Client engagement data, depending on the mandate, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social security), accounting data, etc.
  • Particularly sensitive personal data: This personal data may also include sensitive personal data, such as data relating to health, religious beliefs or social assistance measures, particularly if we provide payroll processing or accounting services.

We process this personal data for the purposes described above on the basis of the following legal grounds:

  • Conclusion or execution of a contract with, or for the benefit of, the data subject, including contract initiation and possible enforcement (e.g. advice, fiduciary services).
  • Fulfilment of a legal obligation (e.g. if we perform our duties as a financial intermediary or are obliged to disclose information).
  • Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, ensure safety, manage risk, enforce our rights, defend ourselves against claims, or to check for possible conflicts of interest).
  • Consent (e.g. to send you marketing information).

4.2 Indirect data processing from service provision

When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contacts, family members or individuals who have a relationship with the customers or data subjects for other reasons. We need this personal data to fulfil contracts with our customers. We receive this personal data from our customers or from third parties engaged by our customers. Third parties whose information we process for this purpose will be informed by our customers that we are processing their data. Our customers may refer to this privacy policy for this purpose.

The personal data of the individuals who have a relationship with our customers constitutes, in particular, the following information:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail, other contact information, marketing data).
  • Personal information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number, family circumstances, etc.).
  • Financial information (e.g. data on bank accounts, investments or shareholdings).
  • Client engagement data, depending on the mandate, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social security), accounting data.
  • Particularly sensitive personal data: This personal data may also include sensitive personal data, such as data relating to health, religious beliefs or social assistance measures, particularly if we provide payroll processing or accounting services.

We process this personal data for the purposes described above on the basis of the following legal grounds:

  • Conclusion or execution of a contract with, or for the benefit of, the data subject (e.g. when we perform our contractual obligations).
  • Fulfilment of a legal obligation (e.g. if we perform our duties as auditors or are obliged to disclose information).
  • Safeguarding legitimate interests, particularly our interest in providing our customers with an optimum service.

4.3. Use of our website

No personal data needs to be disclosed in order to use our website. The website may contain links to other internet sites. Please note that we have no control over how such websites collect, store or use your information. We recommend reviewing the privacy policy of the respective website carefully before submitting your data.

The data we collect:

  • Subject to clause 4.3.1, we do not collect any personal data from you. We do not place cookies on your computer or device.
  • When you send us an e-mail, we may collect your name, e-mail address and any other information you provide to us.
  • We collect data on each access to the web server based on our legitimate interests. The access data includes the name of the accessed domain, the date and time of the access, log information such as log type, version, the desired action, status codes or information on the transferred data (e.g. the size of a question or an answer), error messages, language and version of the browser software, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
  • Log file information is temporarily stored to track and solve technical problems, to find human-caused errors, fend off attacks on the server infrastructure, support analyses of hacked websites, compile visitor statistics as well as for security reasons (e.g. to clarify acts of abuse or fraud). The data remains on the systems until the operational necessity ceases and the legally or contractually stipulated time limits expire, after which it is automatically deleted. For most data, this is a maximum of six months.
    Data whose further retention is required for the purposes of evidence is exempt from deletion until the respective incident is finally clarified.

4.3.1. Use of your data

Insofar as we collect personal data, it will only be processed and stored for as long as necessary based on the purpose for which it was collected. We will comply with our obligations and uphold your rights under the German Federal Data Protection Act [DSG] and/or GDPR at all times. For further details on security, see section 6.3, below.

As mentioned above, we usually do not collect personal data. If you contact us and we receive your personal data from your e-mail, we may use it as follows:

  • To reply to your e-mail.
  • To respond to further enquiries from you.
  • You have the right to revoke your consent to the use of your personal data at any time and to request its deletion.
  • We do not pass on your personal data to third parties.

4.3.2. The following third-party services and contents are integrated:

We use various content or service offerings from third-party providers on the website. These include, for example, integrated videos or fonts (hereinafter referred to as "content"). For these services to function properly, the user's IP address must be retrieved and passed on to the third-party provider. The latter in turn transmits the content back to the user via the browser. Third-party providers may use pixel tags for statistical or marketing purposes. These "pixel tags" may be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offering, as well as being linked to such information from other sources.

A list of the third-party providers used on the website is provided below. Furthermore, it is specified in each case which contents are affected and where their privacy policies and further information on data processing can be viewed and the respective opt-out options accessed:

  • External fonts by Fonts.com from provider Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, https://www.fonts.com ("Fonts.com"). Fonts.com fonts are integrated by means of a server call at Monotype/Fonts.com (usually in the USA). Privacy policy: https://www.monotype.com/legal/privacy-policy

4.3.3. Safety precautions

Data security has the highest priority. Accordingly, we take organisational, contractual and technical security measures. This ensures that data is protected against loss, unauthorised access and manipulation in the best possible way.

For example, the entire data transfer process between the web browser and the web server is encrypted (SSL) for this reason.

4.4. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested individuals and to inform them of our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland.

The General Terms and Conditions (GTC) and Terms of Use as well as privacy policies and other provisions of the individual operators of such platforms also apply in each case. These provisions provide information, in particular, about the rights of data subjects directly vis-à-vis the respective platform, which includes, for example, the right to information.

4.5. Participation in events

If you attend an event organised by us, we collect personal data in order to organise and run the event and, if necessary, to send you additional information afterwards. We also use your information to inform you of other events. It is possible that you will be photographed or filmed by us at these events and that we will publish this footage internally or externally.

This involves the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail).
  • Personal information (e.g. profession, function, title, employer company, eating habits).
  • Pictures or videos.
  • Payment information (e.g. bank details).

We process this personal data for the purposes described above on the basis of the following legal grounds:

  • Fulfilment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (enabling participation in the event).
  • Safeguarding legitimate interests (e.g. holding events, disseminating information about our event, providing services, efficient organisation).
  • Consent (e.g. to send you marketing information or to create visual material).

4.6. Direct communication and visits

When you contact us (e.g. by phone, e-mail or chat) or when we contact you, we process the necessary personal data. We also process this personal data when you visit us. In this case, you may be required to provide your contact details before your visit or on arrival at reception. We keep this information for a certain period of time to protect our infrastructure and information.

We use the Microsoft Teams service to conduct telephone conferences, online meetings, video conferences and/or webinars ("online meetings").

We process the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail).
  • Metadata relating to the communication (e.g. IP address, duration of communication, communication channel).
  • Recordings of conversations, e.g. during video conferences.
  • Other information uploaded, provided or created by the user during the use of the video conferencing service and metadata used for the maintenance of the service provided. Additional information about the processing of personal data by Microsoft Teams is provided in their privacy policies.
  • Personal information (e.g. profession, function, title, employer company).
  • Time and reason for the visit.

We process this personal data for the purposes described above on the basis of the following legal grounds:

  • Fulfilment of a contractual obligation with, or for the benefit of, the data subject, including contract initiation and possible enforcement (provision of a service).
  • Safeguarding legitimate interests (e.g. security, traceability and processing and administration of client relationships).

4.7. Job applications

You may submit your application for a position with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us along with it will be treated as strictly confidential, will not be disclosed to any third party and will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal retention obligation. The legal basis for processing your data is your consent, the fulfilment of the contract with you and our legitimate interests.

We process the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail).
  • Personal information (e.g. profession, function, title, employer company).
  • Application documents (e.g. cover letter, certificates, diplomas, CV).
  • Assessment information (e.g. assessment by HR consultants, reference information, assessments).

We process this personal data for the purposes described above on the basis of the following legal grounds:

  • Safeguarding legitimate interests (e.g. hiring new employees).

4.8. Suppliers, service providers, other contractual partners

If we conclude a contract with you to provide a service for us, we process personal data about you or your employees. We need this data to communicate with you and to avail of your services. Under certain circumstances, we may also process this personal data to ensure that we do not incur any unwanted risks, e.g. with regard to money laundering or sanctions.

We process the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail).
  • Personal information (e.g. profession, function, title, employer company).
  • Financial information (e.g. data on bank details).

We process this personal data for the purposes described above on the basis of the following legal grounds:

  • Conclusion or execution of a contract with, or for the benefit of, the data subject, including contract initiation and possible enforcement.
  • Safeguarding legitimate interests (e.g. avoiding conflicts of interest, protecting the company, enforcing legal claims).

5. Data sharing and data transmission

We will only disclose your data to third parties if this is necessary to provide our service, if these third parties provide a service for us, if we are obliged to do so by law or by the authorities or if we have an overriding interest in disclosing the personal data. We will also disclose personal data to third parties if you have granted your consent or requested us to do so.

Not all personal data is transmitted encrypted as standard. Unless explicitly agreed to the contrary with the customer, accounting data, salary administration data, salary slips and salary statements are transmitted in unencrypted form.

The following categories of recipients may receive personal data from us:

  • Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
  • Third parties within the scope of our legal or contractual obligations, authorities, state institutions, courts.

We conclude contracts with service providers who process personal data on our behalf, under the terms of which they are obligated to ensure data protection. Most of our service providers are located in Switzerland or in the EU / EEA. Certain items of personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. Should a data transfer to other countries that do not have an adequate level of data protection be necessary, this will take place based on the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments.
 

6. Duration of the retention of personal data

We process and store your personal data for as long as necessary for the fulfilment of our contractual and legal obligations or purposes pursued by the processing, for example for the duration of the business relationship (from the initiation, processing to the termination of a contract), as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, personal data may be retained for the time during which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so, or this is required based on legitimate business interests (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the aforementioned purposes, it will be deleted or anonymised as far as possible. Operational data (e.g. system logs, logs) is subject to shorter retention periods of twelve months or less.

7. Data security

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.

8. Obligation to provide personal data

In the context of our business relationship, you must provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will not be able to conclude or perform a contract with you (or the entity or person you represent). Also, the website cannot be used unless certain information to secure data traffic (such as IP address) is disclosed.

9. Your rights

You have the following rights in relation to our processing of personal data:

  • Right to be informed about personal data stored by us about you, the purpose of processing, the origin and about recipients or categories of recipients to whom personal data is passed on.
  • Right to rectification if your data is incorrect or incomplete.
  • Right to restrict the processing of your personal data.
  • Right to erasure of the personal data processed.
  • Right to data portability.
  • Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.
  • Right to lodge a complaint with a competent supervisory authority, where provided for by law.

To exercise these rights, contact the address provided in section 1.

Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.

10. Amending the privacy policy

We expressly reserve the right to change this privacy policy at any time.

Last change: June 2023