Privacy Policy

Published on December 12, 2023

Privacy Notice

 

1.0    INTRODUCTION

RSM Switzerland AG and its affiliates is a member of the RSM network and trades as RSM. RSM is the trading name used by the members of the RSM network.
RSM Switzerland AG, RSM Audit Switzerland AG, RSM Swiss KMU GmbH (“RSM” or “Company”) values its clients, employees and candidates’’ privacy and is committed to protecting their personal data (hereafter “you”, “your”, “yours” or “the client”).
 

2.0    PURPOSE

The purpose of this Swiss Federal Act on Data Privacy (FADP) Data Privacy Notice is to provide transparency and clarity on how RSM handles and protects your personal data. We strive to ensure that your information is handled securely, and we are dedicated to complying with applicable data protection laws and regulations, as well as industry best practices.

 

3.0    SCOPE


This Data Privacy Notice applies to all personal data collected, processed, and stored by RSM. It covers personal data obtained through various channels, including services rendered to you, to us, RSM tools, RSM website (www.rsm.global/switzerland) and interactions, communication, or by otherwise dealing with RSM, our employees or representatives or when attending our events on and off-line.
We recognize the importance of protecting personal data and believe that all individuals have the right to understand how their data is handled. By this Notice, we aim to establish a framework that promotes responsible data management and safeguards the privacy rights of our users, clients, employees, suppliers, candidates and partners.
Our commitment to data privacy extends to all stages of the data lifecycle, from collection to deletion. We take appropriate measures to ensure that personal data is processed lawfully, fairly, and transparently. This Notice outlines our responsibilities as a data controller and processor and describes your rights as a data subject.
Furthermore, we maintain an ongoing commitment to review and improve our data protection practices ensuring compliance with evolving legal requirements and industry standards. We encourage you to read this Notice carefully and contact us if you have any questions or concerns regarding your personal data.

The precise scope of this Notice is as follows:

  • 4.0 Who is responsible for data control and processing?
  • 5.0 Personal data and data subject
    • 5.1 What data do we collect?
    • 5.2 How do we collect your personal data and from what sources?
    • 5.3 For which purpose do we process your personal data? 
    • 5.4 Do we transfer/share your personal data (access by third parties and cross border transfer of data) and purpose of such transfer?
    • 5.5 How do we store your personal data?
    • 5.6 How long do we retain your personal data?
    • 5.7 What are your data protection rights in regards of FADP?
  • 6.0 Privacy policies of other websites and use of third party tools
  • 7.0 Changes to our privacy notice
  • 8.0 How to contact us
  • 9.0 How to contact the appropriate authority

 

4.0    WHO IS RESPONSIBLE FOR DATA CONTROL AND PROCESSING?

This Privacy Notice applies to all data controlled and/or processed by RSM Switzerland AG and its subsidiaries in Switzerland consisting of RSM Switzerland AG, RSM Audit Switzerland SA, RSM Swiss KMU GmbH based in Switzerland.

Responsible for the processing of personal data in case of interactions with RSM Switzerland AG is: RSM Switzerland AG, CHE-106.120.560
Leutschenbachstrasse 45
8050 Zurich [email protected]


Responsible for the processing of personal data in case of interactions with RSM Audit Switzerland AG is: RSM Audit Switzerland SA, CHE-112.665.603
Leutschenbachstrasse 45
8050 Zurich [email protected]


Responsible for the processing of personal data in case of interactions with RSM Swiss KMU GmbH is: RSM Swiss KMU GmbH, CHE-401.415.788
Leutschenbachstrasse 45
8050 Zurich [email protected]


If you have any questions or comment about this Privacy Notice or how we are handling your personal data, please contact us: at the following e-mail address: [email protected] or by mail to:
RSM Switzerland AG 
Data Privacy
Leutschenbachstrasse 45
8050 Zurich

 

5.0    PERSONAL DATA AND DATA SUBJECT

Personal data means any information relating to an identified or identifiable natural person. Data subject means a natural person whose personal data is processed. Sensitive personal data means:

  • Data relating to religious, philosophical, political or trade union-related views or activities,
  • Data relating to health, the private sphere or affiliation to a race or ethnicity,
  • Genetic data,
  • Biometric data that uniquely identifies a natural person,
  • Data relating to administrative and criminal proceedings or sanctions,
  • Data relating to social assistance measures


5.1 WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?


Depending on the purpose of data processing, customer segment, and service areas, we collect and process various types of personal data, including, in certain circumstances, sensitive data to the extent permitted by the law and always limited by the relevant purpose of processing.


5.1.1 Website & Newsletters


By visiting our website, we do process personal data. Please see our privacy notice here.
By receiving RSM newsletters, we process personal data as follows:

  • Contact details: company name, last name, first name, email address, interest in RSM (at any time you can unsubscribe here)


5.1.2 Clients 


For prospective clients with whom we have not yet made contact, we can collect:

  • Personal identification details (e.g., name, address, gender, nationality)
  • Contact information (e.g., as telephone, e-mail address), and family details (e.g., marital status);
  • Information related to the professional profile (e.g., directorship/positions and professional networks)
  • Information related to company ownership and financial background.
     


For prospective, former, and current clients with whom we are taking steps to enter contractual relationships, we collect the below personal data:

  • Name, first name, email address, and, where applicable, gender, address, phone number, title, date of birth, nationality, profession, information about the employer, title, social security number, compliance-related documents (including copy of ID), family details when required such as name of spouse, partner, children.
  • Family information for mobility purposes such as permits, insurance, pension planning
  • Tax domicile and other tax-related documents and information
  • Company-related data for risk management, conflict of interest, and compliance purposes (e.g., organization chart, certificate of ownership, register of commerce, credit rating information, data from sanctions list, and shares register as well as RSM Network sources)
     

Furthermore, for the purpose of services/contractual engagement to an individual or company, we may notably collect and process the personal data in accordance with the description below:

  • Income;
  • Employee data (e.g., salary, social insurance)
  • Financial data (e.g., other assets, liabilities)
  • Wealth data (e.g., real estate data)
  • Healthcare data (only tax-related data)
  • Social insurance number
  • Reward and incentive information related to professional activities
  • Bylaws, minutes, contracts, wills, gifts, etc.
  • Accounting and tax information
  • Sensitive personal data (such as religion, perception of social assistance, debt or bankruptcy data)
  • Children-related personal data


For the management and administration of our mandates and for communication with you, we may process the following personal data:

  • For companies:
    • Legal form, share capital and paid-up capital, year of establishment of the company, external auditing body, turnover in Switzerland and abroad, annual turnover by business area, registration number
    • Branches: Location of the branch, company name, address, phone, internet, email, language of correspondence
    • Information about workforce: professional fields, number of employees or managers, percentage of positions
    • Data on individuals/partners and management members involved in the company: name, first name, year of birth, nationality, position, voting percentage, information about activity in the company
    • Data on companies and foundations holding a stake in the company: company name, registered office, area, degree of participation
    • Data on contact person: name, first name, date of birth, email, and phone
       
  • Financial information;
  • Risk assessment data:
    • Extracts from the debt collection register
    • Information regarding the engagement of individuals holding executive positions in third-party companies, and if applicable, their name, first name, company, industry, position, and employment rate
    • Data on shareholding reports
  • Payment-related information


5.1.3 Sub-contractor

As a sub-contractor of RSM, we process the below personal data:

  • Contact details: company name, last name, first name, email address, address, phone number, bank account details and, where applicable title, date of birth, nationality, profession, information about you (e.g., credit score, compliance documentation, certification, etc.)
  • Additionally, personal data statant in section 5.1.2 can be also process


5.1.3 Suppliers

As a vendor of RSM, we process the below personal data:

  • Contact details: company name, last name, first name, email address, address, phone number, bank account details and, where applicable title, date of birth, nationality, profession, information about you (e.g., credit score, compliance documentation, certification, etc.)


5.1.4 Office’s Visitors

As office visitor, we process the below personal data:

  • Contact details: company name, last name, first name, email address, address, phone number, date of birth and car plates;
  • Other information for the purpose your visit


CCTVs to access our premises are managed by the landlords and may collect images of yourselves.

 

5.1.5 Candidates and Employees
As a candidate of RSM for a potential job in our company and as employees we process the below personal data:

  • Contact details: Name, last name, first name, email address, address, phone number, date of birth
  • Other information: picture(s) or videos of yourselves, CVs, career history, cover letter, social media analysis, study certificate, work certificate, criminal records, debt register, ID or passport, social number, and bank account.


5.1.6 Attendees of RSM events
When you are attending an online RSM event we process the below personal data:

  • Contact details: Company name, last name, first name, email address, address, phone number, job title;
  • IP’s address and cookies where applicable and any other personal data related to the event purpose


When you are attending a physical RSM event we process the below personal data:

  • Contact details: Company name, last name, first name, email address, address, phone number, job title;
  • Other information: picture(s) or videos of yourselves, CV’s cover letter, dietary restriction and any other personal data related to the event purpose

 

5.1.7 Sensitive categories of personal data

During our business relationship, we receive from you “sensitive” data such as:

  • data relating to religious, philosophical, political or trade union-related views or activities that are contained in a personal identification document
  • data relating to health, the private sphere or affiliation to a race or ethnicity such as health insurance documents, receipts submitted to tax or accounting advice that reveal a relation with unions, trade unions, political parties or political opinions.
  • data relating to administrative and criminal proceedings or sanctions such as debt register, criminal records, sanction list
  • data relating to social assistance measures such as state measure documents, social certificates and social support 
  • Other data considered as sensitive that you provide us as part of our business relationship


Finally, additional personal data might be collected only for the purpose of the contractual engagement and if required to perform the engagement in accordance with the regulatory and legal obligations. 


5.2 HOW DO WE COLLECT YOUR PERSONAL DATA?


5.2.1. Directly

You directly provide voluntarily from various sources RSM with your personal data. Those sources can include:

  • When working under a business relationship (contract) to perform the professional services you request (e.g., the purpose of the services contract, using our hosted cloud platform or our hosted online applications).
  • When working for RSM
  • When going to our website via browser cookies, registering for online or physical events, subscribing to our newsletters, completing a customer survey, or providing feedback by a communication channel.
  • When applying for a job position through e-mail and/or our online recruitment platform or LinkedIn platform
  • When working with us as vendors
  • When exchanging with us in person, by e-mail, over the phone or by vision conference channel.


5.2.2. Indirectly

RSM can obtain your personal data indirectly from various sources, permitted by the law such as:

  • Public sources such as public register from the Confederation (e.g., SOGC, commercial register)
  • Public sources such as internet research (e.g., news, articles, sanctions list)
  • Social and professional media sites (e.g., Google, LinkedIn, Twitter, Instagram)
  • Recruitment agencies and related talent sourcing services agencies (e.g., screening, work history)
  • Credit and debt collection agencies (e.g., credit score)


5.3 FOR WHICH PURPOSE DO WE PROCESS YOUR PERSONAL DATA? 

We always process your personal data for a specific purpose and only process your personal data which is relevant to achieve this purpose.
In the context of data collection, we process your personal data for the following purposes: 


5.3.1 Website and Newsletter

  • To offer a personalized experience online
  • To process online inquiries (e.g., general inquiry, job application, requests for proposals), or online communications
  • To register to our on and offline events 
  • To send our newsletters and invitations to which you have agreed to receive
  • To allow you to download RSM free access brochures and documentation
  • For marketing purposes, relationship management and advertising our services


5.3.2 Clients

  • To execute and fulfill our contractual engagement
  • To comply with regulatory and legal obligations
  • To highlight our services, and competencies to both current and potential business clients
  • To oversee, enhance, and secure the operation of our information systems, applications, and website.
  • To manage online inquiries, which include addressing communications from individuals and requests for proposals, quotations or interest in our services
  • To forestall fraudulent or unlawful activities, secure our IT infrastructure, and manage claims.
  • To ensure risk and quality assurance, avert conflicts of interest, uphold our independence, and assert legitimate claims (such as debt collection procedures), while also defending against unfounded claims.


5.3.3 Sub-contractor

  • To proceed in the terms of our contract: execution and management of the business relationship
  • To preserve our valid interests, including preventing conflicts of interest
  • To comply with regulatory and legal obligations


5.3.4 Suppliers

  • To proceed in the terms of our contract: execution and management of the business relationship
  • To preserve our valid interests, including preventing conflicts of interest
  • To comply with regulatory and legal obligations


5.3.5 Offices’ visitors

  • To manage guest administration, identification, and traceability
  • To manage building security 


5.3.6 Candidates and Employees

  • To process your request to apply in our recruitment process
  • To execute, once employed our contractual engagement with you


5.3.7 Attendees of events

  • To send invitations and welcome you to our on and offline events or events that we partner or sponsor.
  • To connect to our online events and attend them
  • To ensure guests' preferences are respected
  • To promote RSM professional activities, services, and expertise to prospective and actual clients.


5.4 DO WE TRANSFER/SHARE YOUR PERSONAL DATA?


As per our General Terms and conditions, RSM when realizing the purpose of its mandate, can share personal data with a third party, respectively to another RSM Network member firm or to RSM correspondent firm as well as any third party that RSM deems appropriate and necessary to be able to realize the purpose of the mandate. RSM will ensure and procure that such a third party discharges the obligations owed by RSM under the contractual engagement. Before sharing any personal data RSM will always request your approval.


Additionally, the following categories of recipients may receive personal data from us only based on your consent:

  • Service providers (e.g., IT service companies, hosting providers, recruitment services, suppliers, advisors, lawyers, insurance companies).
  • Third parties in the context of our legal or contractual obligations, authorities (including e.g., financial and auditing supervisory authorities or tax authorities), government institutions, and courts.


5.5 HOW DO WE STORE YOUR PERSONAL DATA?


RSM ensures that your personal data are stored in Switzerland and redelivered daily to a second site in Switzerland, where applicable your personal data are stored in an adequate country and redelivered daily to a second site in an adequate country We protect personal data in our possession or under our control by making reasonable physical, technical, administrative and procedural security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.


All physical documentation is stored in a secure place within our office such as lockers.


If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our website and e-mails; any transmission is at your own risk.


5.6 HOW LONG DO RETAIN YOUR PERSONAL DATA?


Your records, including engagement agreements, contracts, correspondence, and supporting documentation, should be retained for a minimum of ten (10) years after the termination of our relationship or completion of the engagement.
RSM retains personal data for as long as it is necessary for the purposes for which it was collected, during the legally or contractually required retention periods, and as long as we have a legitimate interest in keeping them. The data is then erased.
To erase, disposal methods may include:

  • Shredding and Destruction
    • Physical documents and media, such as papers, printouts, CDs, or hard drives, will be securely shredded or destroyed using approved methods to render the data irrecoverable.
  • Deletion and Erasure
    • For electronic data, deletion methods will be employed to ensure that data is permanently erased from storage media, including hard drives, databases, and backup systems. Deletion follows recognized industry standards and guidelines.


5.7 WHAT ARE YOUR DATA PROTECTION RIGHTS IN REGARD OF FADP?


RSM would like to make sure you are fully aware of all your data protection rights. Every data subject is entitled to the following:


The right to be informed:

  • You have the right to be informed about the collection and use of your personal data.


The right to access:

  • You have the right to access to your personal data hosted by RSM. In case of copy data request


The right to rectification:

  • You have the right to request that RSM corrects any information you believe is inaccurate. You also have the right to request RSM to complete information you believe is incomplete.


    The right to erasure:

  • You have the right to request that RSM erases your personal data, under certain conditions (e.g., contract service, laws)


The right to restrict processing:

  • You have the right to request that RSM restricts the processing of your personal data, under certain conditions (e.g., contract service, laws).


The right to object:

  • You have the right to object to RSM processing (using) your personal data at any time. This effectively means that you can stop or prevent RSM from using your data (e.g., contract service, laws).

 

The right to data portability:

  • You have the right to request that RSM transfers the data that we have collected to another organization, or directly to you, under certain conditions (e.g., contract service, laws).
    The right to object:
  • You have the right to object to RSM processing (using) your personal data at any time. This effectively means that you can stop or prevent RSM from using your data (e.g., contract service, laws).


The right to object to sourcing:

  • You have the right to object to RSM processing (using) your personal data for recruiting activities


The right to object to marketing activities:

  • You have the right to object to RSM processing (using) your personal data at any time. This effectively means that you can stop or prevent RSM from using your data for marketing purposes (e.g., contract service, laws).


The right to object to withdraw your consent:

  • You have the right to withdraw your consent that you have given previously for specified purposes for processing your personal data. object to RSM processing (using) your personal data at any time. 


The right to object to automated decision-making and profiling:

  • You have the right to not be subject to a decision based solely on automated processing and ask us to review any decisions made about you based on automated processing including profiling that produce legal effects that affect you.


Please note that by using one of the above rights, we may need to retain minimal information to comply with your request. Identity verification can be requested to execute your request. It could mean that we will not be able to provide one or more of our services to you. You always be advised in advance if this is the case.


If you would like to exercise any of these rights, please contact us at our email: [email protected] or by mail to:
RSM Switzerland AG 
Data Privacy
Leutschenbachstrasse 45
8050 Zurich

 

6.0    PRIVACY POLICIES OF OTHER WEBSITES

The RSM website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their own privacy policy.

 

7.0    CHANGES TO OUR PRIVACY NOTICE

RSM keeps its Privacy Notice under regular review and places any updates on this web page. This Privacy Notice was last updated on December 12, 2023.


8.0    HOW TO CONTACT US

If you have any questions or comment about this Privacy Notice or how we are handling your personal data, please contact us at the following e-mail address: [email protected] or by mail to:
RSM Switzerland AG 
Data Privacy
Leutschenbachstrasse 45
8050 Zurich

 

9.0    HOW TO CONTACT THE APPROPRIATE AUTHORITY

Should you wish to report a complaint or if you feel that RSM has not addressed your concern in a satisfactory manner, you may contact for Switzerland the Information Commissioner's Office through this form.