Data Protection
DATA PROTECTION POLICIES
In this privacy policy, we, Tarantino AG, describe how we collect and process personal data. This privacy policy is not exhaustive; specific situations regarding data protection may be governed by other statements. For the purposes of this privacy policy, personal data refers to any information relating to an identified or identifiable person.
1. RESPONSIBLE ENTITY AND CONTACT
Responsible for the data processing activities described here is Tarantino AG, unless otherwise specified in individual cases. Inquiries regarding data protection can be directed to us by letter or email, including a copy of the ID or passport for user identification: Tarantino AG, Gartenstrasse 25, 8002 Zurich. .
2. COLLECTION AND PROCESSING OF PERSONAL DATA
We process personal data in particular in the following categories of processing:
- Customer data of clients for whom we have provided or are providing services.
- Personal data that we indirectly receive from our clients during service provision.
- When visiting our website. When using our newsletter.
- When participating in an event organized by us.
- When we communicate or a visit takes place.
- In other contractual relationships, e.g. as a supplier, service provider, or consultant. In applications.
- When we are legally or regulatorily obligated to do so.
- When we exercise our due diligence or other legitimate interests, e.g., to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security, or enforce our rights.
Detailed information can be found in the description of each category of processing in section 5.
3. CATEGORIES OF PERSONAL DATA
The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process further information about you or persons related to you. This information may include particularly sensitive personal data.
We collect the following categories of personal data, depending on the purpose for which we process it:
- Contact information (e.g., name, first name, address, telephone number, email).
- Customer information (e.g., date of birth, nationality, marital status, profession, title, job title, passport/ID number, social security number).
- Risk assessment data (e.g., creditworthiness information, commercial register data).
- Financial information (e.g., data on bank accounts).
- Mandate data, depending on the assignment (e.g., tax information, statutes, protocols, projects, contracts, employee data (e.g., salary, social insurance), accounting data, beneficial owners, property relationships).
- Website data (e.g., IP address, device information (UDI), information about the browser, website usage (analysis and use of plugins, etc.))
- Application data (e.g., CV, references).
- Marketing information (e.g., newsletter subscription). Security and network data (e.g., visitor lists, access controls, network and mail scanners, telephone call lists).
As far as permitted, we also obtain certain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, press, internet) or receive such from our clients and their employees, authorities, (arbitration) courts, and other third parties. In addition to the data from you that you provide us directly, the categories of personal data that we receive from third parties about you include in particular information from public registers, information that we learn in connection with administrative and judicial proceedings, information related to your professional functions and activities (so that we can, for example, conclude and execute business with your employer with your help), information about you in correspondence and meetings with third parties, credit reports, information about you that people from your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or execute contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney) information to comply with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales, and other contractual partners of ours to use or provide services by you (e.g., payments made, purchases made), information from the media and internet about you (if this is indicated in the specific case, e.g., as part of an application, etc.), your addresses and possibly interests and other sociodemographic data (for marketing), data related to the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content retrieved, used functions, referring website, location data).
4. PURPOSES OF DATA PROCESSING AND LEGAL BASIS
4.1 PROVISION OF SERVICES
We primarily process the personal data that we receive in the context of our mandate relationships with our clients and other contractual relationships with business partners from these and other persons involved.
The personal data of our clients includes in particular the following information:
- Contact information (e.g., name, first name, address, telephone number, email, other contact information)
- Personal information (e.g., date of birth, nationality, marital status, profession, title, job title, passport/ID number, social security number, family circumstances, etc.)
- Risk assessment data (e.g., creditworthiness information, commercial register data, sanctions lists, specialized databases, internet data)
- Financial information (e.g., data on bank connections, investments, or participations)
- Mandate data, depending on the assignment, e.g., tax information, statutes, protocols, employee data (e.g., salary, social insurance), accounting data, etc.
- Particularly sensitive personal data: Among these personal data, there may also be particularly sensitive personal data, such as data on health, religious views, or measures of social assistance, especially when we provide services in the field of payroll processing or accounting.
These personal data are processed for the purposes described, based on the following legal bases:
- Conclusion or execution of a contract with the person concerned or for the benefit of the person concerned, including contract initiation and any enforcement (e.g., consulting, fiduciary)
- Compliance with a legal obligation or obligation to disclose information
- Safeguarding legitimate interests, (e.g., for administrative purposes, to improve our quality, ensure security, risk management, enforce our rights, defend against claims, or check possible conflicts of interest)
- Consent (e.g., to send you marketing information).
4.2 INDIRECT DATA PROCESSING FROM SERVICE PROVISION
When we provide services for our clients, it may happen that we also process personal data that we have not directly collected from the persons concerned or personal data from third parties. These third parties are usually employees, contact persons, family members, or persons who are related to the clients or the persons concerned for other reasons. We need these personal data to fulfill contracts with our clients. We receive this personal data from our clients or from third parties commissioned by our clients. Third parties whose information we process for this purpose are informed by our clients that we process their data. Our clients can refer to this privacy policy.
The personal data of persons related to our clients include in particular the following information:
- Contact information (e.g., name, first name, address, telephone number, email, other contact information, marketing data)
- Personal information (e.g., date of birth, nationality, marital status, profession, title, job title, passport/ID number, social security number, family circumstances, etc.)
- Financial information (e.g., data on bank connections, investments, or participations)
- Mandate data, depending on the assignment, e.g., tax information, statutes, protocols, employee data (e.g., salary, social insurance), accounting data
- Particularly sensitive personal data: Among these personal data, there may also be particularly sensitive personal data, such as data on health, religious views, or measures of social assistance, especially when we provide services in the field of payroll processing or accounting.
These personal data are processed for the purposes described, based on the following legal bases:
- Conclusion or execution of a contract with the person concerned or for the benefit of the person concerned (e.g., when we fulfill our contractual obligations)
- Compliance with a legal obligation (e.g., when we fulfill our duties as an audit firm or are obligated to disclose information)
- Safeguarding legitimate interests, in particular our interest in providing optimal service to our clients.
4.3 USE OF OUR WEBSITE
To use our website, personal data does not need to be disclosed. However, with each call, the server collects a number of user information, which is temporarily stored in the server's log files.
When using this general information, no assignment to a specific person takes place. The collection of this information/data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyze its use.
This particularly includes the following information:
- Contact information (e.g., name, first name, address, telephone number, email)
- Further information that you transmit to us via the website
- Technical information automatically transmitted to us or our service providers, information on user behavior or the settings of the website (e.g., IP address, UDI, device type, browser, number of clicks on the page, opening the newsletter, click on links, etc.)
These personal data are processed for the purposes described, based on the following legal bases:
- Safeguarding legitimate interests, (e.g., for administrative purposes, to improve our quality, analyze data, or make our services known)
- Consent (e.g., for the use of cookies or the newsletter).
4.4 NEWSLETTER USE
If you subscribe to our newsletter, we use your email address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. The required information for sending the newsletter is your full name and your email address, which we store after your registration. The legal basis for processing your data in connection with our newsletter is your consent to receive the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter.
4.5 PARTICIPATION IN EVENTS
When you participate in an event organized by us, we collect personal data to organize and conduct the event and to possibly send you additional information afterwards. We also use your information to inform you about further events. It is possible that you will be photographed or filmed by us at these events and that we publish this imagery internally or externally.
This particularly includes the following information:
Contact information (e.g., name, first name, address, phone number, email)
- Personal information (e.g., profession, position, title, employer, dietary habits)
- Images or videos
- Payment information (e.g., bank details).
We process this personal data for the described purposes based on the following legal grounds:
- Fulfillment of a contractual obligation with or for the benefit of the person concerned, including contract initiation and possible enforcement (enabling participation in the event)
- Protection of legitimate interests (e.g., conducting events, disseminating information about our event, providing services, efficient organization)
- Consent (e.g., to send marketing information or to create imagery).
4.6 DIRECT COMMUNICATION AND VISITS
When you contact us (e.g., via phone, email, or chat) or we contact you, we process the necessary personal data. We also process this personal data if you visit us. In this case, you may have to leave your contact details before your visit or at the reception. These are stored by us for a certain period to protect our infrastructure and our information.
For conducting phone conferences, online meetings, video conferences, and/or webinars ("Online Meetings"), we use the services of "Microsoft Teams," "Zoom," or "Google Meet."
We process the following information in particular:
- Contact information (e.g., name, first name, address, phone number, email)
- Peripheral data for communication (e.g., IP address, duration of communication, communication channel)
- Recordings of conversations, e.g., in video conferences
- Other information uploaded, provided, or created by the user during the use of the video conferencing service, as well as metadata used for maintaining the provided service.
- Additional information about the processing of personal data by "Microsoft Teams", "Zoom", or "Google Meet" can be found in their privacy policies.
- Personal information (e.g., profession, position, title, employer)
- Time and reason for the visit.
We process this personal data for the described purposes based on the following legal grounds:
- Fulfillment of a contractual obligation with or for the benefit of the person concerned, including contract initiation and possible enforcement (provision of a service)
- Protection of legitimate interests (e.g., security, traceability, as well as processing and administration of customer relationships).
4.7 APPLICATIONS
You can submit your application for a position with us by mail or via the email address provided on our website. The application documents and all personal data disclosed to us are treated confidentially, not disclosed to third parties, and processed only for the purpose of processing your application for employment with us. Without your contrary consent, your application dossier will either be returned to you or deleted/destroyed after the conclusion of the application process, unless it is subject to a legal retention obligation. The legal basis for processing your data is your consent, the fulfillment of the contract with you, and our legitimate interests.
We process the following information in particular:
- Contact information (e.g., name, first name, address, phone number, email)
- Personal information (e.g., profession, position, title, employer)
- Application documents (e.g., cover letter, certificates, diplomas, CV)
- Evaluation information (e.g., assessment by HR consultants, reference information, assessments)
We process this personal data for the described purposes based on the following legal grounds:
- Protection of legitimate interests (e.g., hiring new employees)
- Consent.
4.8 SUPPLIERS, SERVICE PROVIDERS, OTHER CONTRACT PARTNERS
When we enter into a contract with you for you to provide a service for us, we process personal data from you or your employees. We need this to communicate with you and to use your services. We may also process this personal data to check for any conflicts of interest and to ensure that we do not enter into any unwanted risks, e.g., regarding money laundering or sanctions, with the collaboration.
We process the following information in particular:
- Contact information (e.g., name, first name, address, phone number, email)
- Personal information (e.g., profession, position, title, employer)
- Financial information (e.g., bank details).
We process this personal data for the described purposes based on the following legal grounds:
- Conclusion or processing of a contract with or for the benefit of the person concerned, including contract initiation and possible enforcement
- Protection of legitimate interests (e.g., avoiding conflicts of interest, protecting the company, enforcement of legal claims).
5. TRACKING TECHNOLOGIES
We use cookies on our website. These are small files automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site.
The cookie stores information related to the specific end device used. However, this does not mean that we immediately become aware of your identity. The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.
In addition, we use temporary cookies for the optimization of user-friendliness, which are stored on your end device for a specified fixed period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again. We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period.
The data processed by cookies are necessary for the stated purposes. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the features of our website.
6. WEB AND NEWSLETTER ANALYSIS
To gain insight into the use of our website, to improve our online offer, and to address you with advertising on third-party websites or on social media, we use the following web analysis tools and re-targeting technologies: "Google Analytics."
These tools are provided by third-party providers. Normally, the information collected for this purpose about the use of a website is transmitted to the server of the third-party provider by using cookies or similar technologies. Depending on the third-party provider, these servers are located abroad.
The data is usually transmitted with shortened IP addresses, preventing the identification of individual end devices. Transfer of this information by third-party providers only occurs based on legal regulations or within the scope of order data processing.
6.1 GOOGLE ANALYTICS
We use Google Analytics, a web analysis service of Google LLC, Mountain View, California, USA, responsible for Europe is Google Limited Ireland ("Google"), on our websites. To deactivate Google Analytics, Google provides a browser plugin at https://tools.google.com/dlpag.... Google Analytics uses cookies. These are small text files that make it possible to store specific, user-related information on the user's end device. They enable an analysis of our website offer by Google. The information collected by the cookie about the use of our pages (including your IP address) is usually transmitted to a server of Google in the USA and stored there. We point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking). If anonymization is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, so no conclusions can be drawn about your identity. Only in exceptional cases is the full IP address transmitted to a server of Google in the USA and shortened there. Google may link your IP address with other data from Google. For data transfers to the USA, Google has committed to signing and complying with the EU standard contractual clauses.
6.2 GOOGLE MAPS
On our website, we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, "Google"). Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. Using this service, our location is shown to you, making it easier to approach us. Already when accessing those subpages into which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transferred to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account that you are logged in to, or if there is no user account. If you are logged into Google, your data will be directly assigned to your account. If you do not want to be associated with your profile on Google, you must log out before activating the button. Google stores your data (even for non-logged in users) as usage profiles and evaluates them.
For data transmissions to the USA, Google has committed to signing and complying with the EU standard contractual clauses.
6.3 SOCIAL MEDIA PLUGINS
On our website, so-called social media plugins ("plugins") from third parties are used. The plugins can be identified by the logo of the respective social network. Through the plugins, we offer you the opportunity to interact with social networks and other users. We use the following plugins on our website: Facebook, Twitter, LinkedIn, YouTube, Instagram. When you visit our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plugin (e.g., YouTube videos) is transmitted directly from the respective third-party provider to your browser and integrated into the page.
The data transfer for displaying content (e.g., publications on Twitter) takes place regardless of whether you have an account with the third party and are logged in there. If you are logged in with the third party, your data collected by us will also be directly associated with your account with the third party. If you activate the plugins, the information is also published in the social network and shown to your contacts. For the purpose and scope of data collection and further processing and use of the data by the third-party providers, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy notices of the third-party providers. The third-party provider stores the data collected about you as usage profiles and uses these for advertising, market research, and/or tailored design of its website. Such an evaluation takes place, in particular, also for non-logged-in users to display tailored advertising and to inform other users of the social network about your activities on our website. If you do not want the third-party provider to associate the data collected via our web presence with your personal profile in the respective social network, you must log out of the respective social network before visiting our website. You can also completely prevent the loading of plugins with specialized add-ons for your browser, such as "Ghostery" (https://www.ghostery.com/) or "NoScript" (http://noscript.net/).
7. DATA TRANSFER AND DATA TRANSMISSION
We only pass on your data to third parties if it is necessary for the provision of our service, if these third parties perform a service for us, if we are legally or officially obligated to do so, or if we have a predominant interest in the transfer of personal data. We will also pass on personal data to third parties if you have given your consent or have requested us to do so.
Not all personal data is transmitted in encrypted form by default. Unless explicitly agreed otherwise with the customer, accounting data, payroll administration data, payroll statements, and payroll certificates are transmitted unencrypted.
The following categories of recipients may receive personal data from us:
- Service providers (e.g., IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
- Third parties within the framework of our legal or contractual obligations, authorities, state institutions, courts.
With service providers who process personal data on our behalf, we conclude contracts that oblige them to ensure data protection. Most of our service providers are located in Switzerland or in the EU/EEA. Certain personal data may also be transferred to the USA (e.g., Google Analytics data) or in exceptional cases to other countries worldwide. Should data transfer to other countries that do not have an adequate level of data protection be necessary, this will be done based on the EU standard contractual clauses (e.g., in the case of Google) or other suitable instruments.
8. DURATION OF STORAGE OF PERSONAL DATA
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond according to the legal storage and documentation obligations. It is possible that personal data are stored for the time during which claims can be asserted against our company (i.e., particularly during the statutory limitation period) and as far as we are otherwise legally obliged or legitimate business interests require it (e.g., for evidence and documentation purposes). Once your personal data are no longer required for the above-mentioned purposes, they will generally and as far as possible be deleted or anonymized. For operational data (e.g., system logs, logs), generally shorter retention periods of twelve months or less apply.
9. DATA SECURITY
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as the issuance of instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and controls.
10. OBLIGATION TO PROVIDE PERSONAL DATA
As part of our business relationship, you must provide those personal data that are necessary for the commencement and execution of a business relationship and the fulfillment of the associated contractual obligations (you usually do not have a legal obligation to provide us with data). Without this data, we will not be able to conclude or execute a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
11. YOUR RIGHTS
You have the following rights in connection with our processing of personal data:
- Right to information about personal data stored by us about you, the purpose of processing, the origin, and recipients or categories of recipients to whom personal data is passed on.
- Right to correction if your data is incorrect or incomplete.
- Right to restrict the processing of your personal data.
- Right to request the deletion of the processed personal data.
- Right to data portability.
- Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.
- Right to complain to a competent supervisory authority if legally provided.
To assert these rights, please contact the address given in Section 1.
However, please note that we reserve the right to assert the legal restrictions provided for by law, such as when we are obliged to store or process certain data, have an overriding interest in it (as far as we may rely on it), or need it for the assertion of claims. If costs arise for you, we will inform you in advance.
12. CHANGES TO THE PRIVACY POLICY
We expressly reserve the right to change this privacy policy at any time. Last updated: August 2023