Privacy Notice

Revinova Treuhand AG Privacy Notice

Revinova Treuhand AG, Friesenbergstrasse 75, 8055 Zurich, Switzerland, Commercial Registry Office Zurich CHE-107.836.425) hereafter referred to as Revinova.

Revinova respects your privacy and is committed to protecting your personal data. This privacy notice describes how we will look after your personal data, how we collect and use personal data, whether provided to us by the individuals concerned or others. We may use personal data as described in this privacy statement or as made clear before collecting the personal data.

What is personal data?

Personal data is any information relating to an identified or identifiable living person.

Data Protection Officer

Revinova has appointed a Data Protection Officer currently Michael Sargeant, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including exercising any of the rights set out later within this notice, you can contact the data protection officer by email contact@revinova.ch or by writing to the Data Protection Officer, Revinova Treuhand AG, Friesenbergstrasse 75, 8055 Zurich, Switzerland.

If you have any complaints relating to the use of your personal data, these can be sent to the Data Protection Officer, as set out in the paragraph above. We will try to deal with your concerns, and respond to you.

Reasons for collecting personal data

Revinova provides services to individuals as well as businesses, charities and not-for-profit and other organisations. Where we engage with clients for professional services, we may collect and process personal data to satisfy our contractual obligations. We request that you do not send us personal data that is not required to fulfil our contractual obligations. The details of the contract will be set out in our letter of engagement.

We may use your data to assist with our regulatory, legal or ethical requirements. This may include verifying the identity of individuals.

What data do we collect?

The types of data we collect in respect of professional services will include your name and contact details, and other information to enable us to service your needs. It may include financial information, non-financial information, payroll information, other employee information (including information relating to staff performance, dismissals and legal disputes), shareholder information, beneficiary information, customer and supplier information, income information, and any other information relevant to the work you ask us to perform.

How long do we keep data for?

We will retain the data for as long as it is considered to be necessary for the purpose we collected it for. This may be determined by law, or regulatory requirements. This is typically 10 years in Switzerland. We may keep data for longer to defend our legal rights, or the legal rights of our clients. Data may be kept for longer, where relevant, with restricted access applied to it.

Basis for processing data?

We will process your data under either the lawful basis of contract or in order to fulfil our regulatory obligations in Switzerland. You may contact our Data Protection Officer as above if you wish to know on which basis your data is being processed. We will only process your data in accordance with the General Data Protection Regulations that apply.

Depending on the contract in addition we may be assisting you in complying with your legal obligation for processing data.

Where will processing be performed?

Revinova’s servers are located in Switzerland and all processing of data is carried out in Switzerland.

Do we share or transfer personal data?

We share data with other professionals only when necessary to meet regulatory requirements or our duty as accountants to you in looking after your affairs.

We may receive requests from third parties with authority to obtain disclosure of personal data. This may be in order to check that we are complying with applicable laws and regulations, to investigate alleged crime, to establish, exercise or defend legal rights, or to meet legal obligations that we hold.

We will only fulfil requests for personal data where we are permitted or required to do so, in accordance with applicable law or regulation.

We do not share data with anyone for marketing purposes.

Is my data secure?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to the employees and third parties who have a business reason to have access. Your data will only be accessed and processed on our instructions and all are subject to a duty of confidentiality.

We have put procedures in place to deal with any suspected breach of personal data and will notify you and the regulator where we are legally required to do so.

The Rights of an individual under GDPR

Individuals have certain rights over their personal data, and data controllers are responsible for fulfilling these rights.

Right to be Informed – you have the right to know what data we have, how we use it and how long we will hold it for.

Right of Access – Individuals may request access to their personal data, held by us as a data controller.

Right to Rectification – if the personal data we hold about you is incomplete or inaccurate, you have the right to require us to rectify the data we hold. We may need to verify the accuracy of the data you provide to us in order to ensure our data is accurate.

Right to Request Erasure (also known as the right to be forgotten) – You may request that we delete your personal data, where there is no good reason for us to keep it. However, we may not always be able to comply with your request, where we are required by law to retain your personal data. If this is the case, we will provide details of this, should you request erasure.

Right to Object to Processing – Where we process your personal data based on the lawful basis of consent, individuals may withdraw their consent to this processing. You may also object to us processing your data for marketing purposes. In some cases, we may be able to demonstrate compelling legitimate grounds to process your data which override your rights.

Right to Restrict Processing – This right allows you to ask us to suspend processing your personal data in the following cases:

  • If you want us to verify the data’s accuracy;
  • Where our use of the data is unlawful but you do not wish us to erase it;
  • Where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or
  • You have objected to our use of the data but we need to verify whether we have legitimate overriding grounds to continue to use it.

Right to Data Portability – You have the right to request the transfer of your personal data, either to you or a third party, you have chosen. We will provide this data to you, in a structured, commonly used, machine – readable format

Rights in relation to automated decision making and profiling – you have the right to know if, when and how automated decision making and profiling will be applied to your personal data.

Changes to our privacy notice

We keep our privacy notice under review. This notice was last updated on 19 September 2018.