Privacy policy

1. Who we are

von Ah & Partner AG is a company that provides consulting services in all areas of Swiss and international tax and business law. The range of services offered by von Ah & Partner AG includes:

Advice on national and international corporate tax law and on the taxation of natural persons, on value added tax, in particular also on tax issues relating to collective capital investments, on the repurchase of own participation rights, on international structures, on tax issues relating to trusts and foundations.

2. Basics of data processing

This privacy policy describes how we process personal data, in particular which personal data we collect and for what purpose. It also regulates the transfer of data, the retention period and your rights.

Personal data (hereinafter also referred to as data) means all information relating to an identified or identifiable natural person. The term "data processing" is to be understood situationally and includes any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, use, modification, disclosure, archiving or destruction of data.

We collect and process personal data to fulfill our business tasks, within the legally and contractually regulated framework. The collection, processing and use of personal data are subject to the applicable Swiss^[1] and, where applicable, European legal provisions^[2].

We collect personal data in a transparent manner and in compliance with the principles of proportionality and purpose limitation. The data is only processed to the extent and for as long as necessary for our tasks and duties.

3. purpose of the collection and processing of personal data

We process those personal data that are necessary to be able to guarantee our offer permanently, securely and reliably. This includes in particular.

• Handling and managing contractual relationships with customers, employees, suppliers, etc.;
• Maintaining contact and communication in connection with a service delivery;
• Operation of the website;
• Ensuring safety, meeting legal obligations, enforcing claims;
• Statistical survey/evaluations.

4. what personal data do we process?

4.1 General contact and basic data

Depending on the purpose of the data processing, customer segment and service areas, we collect various types of personal data, including, under certain circumstances, personal data requiring special protection.

We process at least the following personal data from all contact, dialog and contractual partners as well as customers:

• Surname, first name, e-mail address and, if applicable, gender, address, telephone number, title, date of birth, nationality, religious affiliation, marital status, information on family relationships, occupation, information on employer, title, AHV number and national/international tax identification number;
• E-mail and written correspondence (mail).

In addition, depending on the purpose of the data processing, customer segment and service area, we collect and process additional data in accordance with the descriptions in the following sections:

4.2 Data for the processing of mandates

For the provision and administration of our mandates and for communication with our clientele, we process the following personal data:

(1) General contact and basic data according to section 4.1;

(2) For companies:

• Legal form, share capital and paid-up capital, year of incorporation of the company, external auditors, domestic and foreign sales, annual sales achieved per area of activity, register no.;
• Branches: Location of the branch, company name, address, telephone, internet, e-mail, correspondence language;
• Information on the number of employees: departments, number of employees or persons in charge, full-time equivalents;

(3) Financial Information;

(4) Risk Assessment Data:

• Debt Collection Register Extracts;
• Management and control of the company:
  Information on the natural persons/shareholders and members of the company management involved in the company: surname, first name, year of birth, nationality, function, share of votes, information on activities in the company;
  Information on the companies and foundations involved in the company: Company name, registered office, area, degree of participation;
  Contact person details: surname, first name, date of birth, e-mail and telephone number;
• Information on the employment of responsible persons with third-party companies and, if applicable, name, first name, company, industry, function and degree of employment of the employment;
• Information on shareholdings 

(5) Payment Information;

(6) Mandate data such as:

• Statutes, minutes, contracts,
• Employee data (salary, social security),
• Accounting and tax information,
• personal data requiring special protection [such as data on health, religion, receipt of social assistance, debt collection or bankruptcy].

This data is processed primarily in connection with services in the area of Swiss and international tax and business law. It mainly concerns data of our clients. However, it may also concern third parties, such as employees, contact persons or persons who have a (contractual) relationship with our clients. Our customers can therefore also refer to this privacy statement, but must also take measures themselves to comply with data protection legislation.

The data processing serves the execution and administration of the mandates, the credit assessment, the avoidance of conflicts of interest and the quality check. It also fulfills the legal and contractual requirements.

The data is usually communicated and provided directly by the clients. However, depending on the type and scope of the mandate, they may also originate from authorities, courts or third parties. Under certain circumstances, data may also be collected directly from the employer of the persons concerned.

4.3. data for mailings

For the purpose of sending information about events, publications etc. (marketing purposes) we process the following personal data:

• General contact and basic data according to section 4.1.

This data is necessary for the provision of the service, for communication or for the maintenance of our customer base. In order to improve our services, information in connection with marketing and mailings is also evaluated statistically. You can object to the use of your personal data for marketing purposes at any time.

4.4. Data related to direct communication (telephone, e-mail or chat, online meetings, video conferences, etc.)

The online meetings and video conferences we organize are conducted with Zoom. For direct communication via telephone, e-mail, collaboration solution or chat, we as well as our corresponding service providers may process the following personal data to the extent necessary:

• General contact and basic data according to section 4.1;
• Other personal data included in the e-mail communication;
• Communication data such as IP address, time and duration of communication;
• Recordings of video conference, if necessary.

We process this personal data to provide and improve our services to our customers and other interested third parties.

4.5. data about the personnel

The processing of data for employee administration is regulated separately in an internal directive.

Application documents that do not lead to employment will be deleted/destroyed after completion of the application process, unless we receive consent to retain them.

4.6 Suppliers and other contractual partners

We process the following personal data of business partners who provide services or supplies to us:

• General contact and basic data according to section 4.1;
• Financial information such as bank details
• Information available in the contract (such as data on the responsible employees, consultants, information on the service provided, etc.).

We process this data in fulfillment of a contract and in application of the statutory retention periods of commercial and tax law. If our contractual partners have access to our personal data in fulfillment of their order [e.g. IT companies], we conclude a corresponding order processing contract with them.

4.7. operation, control and improvement of the website and other electronic channels

4.7.1 Server log files

Our website can be used without having to disclose extensive personal data. However, the server collects user information with each call. This information is temporarily stored in the server's log files. However, an assignment to a specific person does not take place. Log files contain the following information:

• Date, time of access and amount of data,
• the browser used and the operating system,
• the domain name of the provider,
• the page from which you came to our site (Referred URL),
• the search query,
• the IP address.

The collection of this data is technically necessary: The collected data serves the stability and security of the website and is used to analyze the use of the website and to improve it. They also enable a precise check in the event of suspicion of unlawful use of our website.

4.7.2 Cookies

Our websites use cookies and similar technologies. If the settings of your device allow it, we use cookies and similar tools to provide you with an optimal browsing experience on our websites.

Cookies are text files that are stored on your computer and allow an analysis of your use of the website. Thus, they support the presentation of our website and help you navigate our website. Cookies collect data such as:

• the IP address,
• the website from which you are visiting us,
• the type of device you are using,
• how you use our search function (so-called search log),
• what actions you perform when you receive the newsletter.

For more information on the use of cookies, please refer to the information on the use of web analysis tools (section 6.1).

It is also possible to visit our website without cookies. You can prevent the storage of cookies in the browser settings. However, this may have an impact on the usability of the website.

You can also change your consent to cookie use below.

‍

4.8. Ensuring safety, fulfilling legal obligations, enforcing claims.

We may process the aforementioned personal data to ensure security and to enforce your rights, if necessary for this purpose, and may also forward it to third parties, such as courts or authorities, for this purpose.

5. data collection, retention period, security measures

5.1 Data acquisition

As a rule, we receive the personal data mentioned in section 4 directly from you when you use one of the services.

In the case of mandates, however, the data may also originate from authorities, courts or third parties, depending on the type and scope of the mandate.

We also extract publicly available information from the media and the Internet where this is appropriate in a specific case (e.g. in the context of an application), as well as data in connection with the use of the website (see section 4.8).

5.2 Retention period

We process and store personal data as long as this is necessary for the fulfillment of our contractual and legal obligations or other purposes pursued with the processing and as long as there is a legitimate interest on our part in the storage of the respective personal data. In addition, we retain personal data that is subject to statutory retention periods or that is still required for criminal prosecution or to secure, assert or enforce legal claims.

5.3 Data security

We take appropriate technical and organizational security measures to protect personal data from unauthorized access and misuse. These include IT and network security solutions, access restrictions, encryption of data carriers and transmissions, instructions, training and controls.

The data is stored in the applications and software applications we use. The data is stored on servers in [Switzerland/abroad]. If data is stored abroad (teams, log, etc.), the rules according to section 7 apply.

If third parties have access to our data, special measures are taken, which are regulated in the order processing contract (see section 8).

6. third-party tracking technology and IT tools

6.1 Google Analytics

This website uses the Google web analytics service "Google Analytics", by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of our website is usually transmitted to a Google server in the USA and stored there. We would like to point out that on this website Google Analytics has been extended by the code "anonymizeIP ();" to ensure anonymized collection of IP addresses (so-called IP masking).

In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google in Switzerland, within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. As a result, it is not possible to draw any conclusions about your identity.

Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for us.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the available browser plug-in.

You can also prevent Google Analytics from collecting your data by setting an opt-out cookie that will prevent future collection of your data when you visit this website: Disable Google Analytics.

You can find more information about this at https://marketingplatform.google.com/about/analytics/terms/de/ and about data protection at http://www.google.com/intl/de/analytics/privacyoverview.html.

Personal data processed: Usage data; Tracker.

Processing Location: United States - Privacy Policy; Ireland - Privacy Policy.

6.2 Google Fonts

Google Fonts is a font visualization service provided by Google LLC or by Google Ireland Limited, depending on how the provider manages data processing, which allows this website to embed corresponding content on its pages.

Personal data processed: Usage data; Tracker.

Processing Location: United States - Privacy Policy; Ireland - Privacy Policy.

6.3 Google Maps widget

Google Maps is a map visualization service provided by Google LLC or by Google Ireland Limited, depending on how the provider manages data processing, which allows this website to embed relevant content on its pages.

Personal data processed: Usage data; Tracker.

Processing Location: United States - Privacy Policy; Ireland - Privacy Policy.

6.4 Google Tag Manager

Google Tag Manager is a tag management service provided by Google LLC or by Google Ireland Limited, depending on how the provider manages data processing.

Personal data processed: Usage data; Tracker.

Processing Location: United States - Privacy Policy; Ireland - Privacy Policy.

6.5 Webflow (Webflow, Inc.)

Webflow is a platform provided by Webflow, Inc. that allows the owner to build, host and operate this website. Webflow is highly customizable and can host websites with content ranging from simple blogs to complex e-commerce platforms.

Personal Data Processed: Usage Data; Trackers; various types of data as described in the Service's Privacy Policy.

Processing Location: United States - Privacy Policy.

7. Data sharing and data transmission

We may disclose personal data to third parties if you have given your consent to do so or if this is necessary for the provision of the respective service or the fulfillment of the purpose of the contract or the protection of our legitimate interest or if we are required to do so by law.

The following categories of recipients may receive personal data from us:

• Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
• Third parties within the scope of our legal or contractual obligations, authorities (such as namely the audit supervisory authority, tax authorities, etc.), state institutions, courts.

The third parties commissioned by us are contractually obligated to comply with data protection and to process the data only for the purpose specified by us.

The majority of our service providers are located in Switzerland or in the EU/EEA. Certain personal data may also be transferred to the USA (e.g. Google Analytics data). If a data transfer to a country that does not have an adequate level of data protection is necessary, this will be done on the basis of standard contractual clauses (e.g. in the case of Google) or other suitable guarantees.

The information you provide us with may also be anonymized for statistical analysis purposes and passed on to third parties.

8. Your rights

Any person may request information about the data processed about him or her, as well as about the origin, the recipient and the purpose of the data collection and data processing. In addition, you have the right to request the correction, blocking, deletion or transfer of your data.

We may refuse, restrict or postpone the provision of information in accordance with the statutory provisions if a) a law in the formal sense provides for this, namely in order to protect a professional secret; b) this is necessary due to the overriding interests of third parties; or c) the request for information is obviously unfounded, namely if it pursues a purpose contrary to data protection, or is obviously querulous.

Data that is retained due to legal regulations or is required for business processing cannot or must not be deleted. If data is not covered by a legal archiving obligation or our overriding interest in preserving it, we will delete your data at your request. If the archiving obligation applies, we will block your data.

In addition, you can assert your claims in court or file a complaint with the competent data protection authority.

9. Final provisions

9.1 Responsible body and contact

We are responsible for the data processing according to this privacy policy unless otherwise regulated.

General inquiries about data protection can be sent by mail or e-mail to: von Ah & Partner AG, Seestrasse 344, P.O. Box, 8038 Zurich; vonah@vonahpartner.ch.

In the event of questions regarding a specific person, requests for correction or a request for deletion, a copy of the ID or passport identifying the user must also be enclosed.

9.2 Adjustments to the privacy policy

We may change our privacy policy at any time by posting it on the website. This privacy policy was last updated in August 2023.

___

^[1] Federal Data Protection Act of September 25, 2020 (DPA), Ordinance on Data Protection of August 31, 2022, (Data Protection Ordinance, DPA).

[^2] EU General Data Protection Regulation (GDPR or GDPR)