Privacy Policy

Burkhalter Management Ltd, Hohlstrasse 475, 8048 Zurich (CHE‑103.740.080), is the operator of the website www.burkhalter.ch and all webpages of the Burkhalter Group and is therefore responsible for collecting, processing and using your personal data, handling it in accordance with applicable data protection law.

Your trust is important to us, which is why we take the issue of data protection seriously and are vigilant about providing an appropriate level of security. We do, of course, respect the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), and the provisions of the EU General Data Protection Regulation (GDPR), as well as any other provisions of Swiss and European data protection law.

Please take note of the following information in order to understand which personal data we collect from you when using our websites and the purposes for which we use this.

Please bear in mind that the following information will be reviewed and modified from time to time. We therefore recommend that you consult this privacy policy regularly. Other companies may also be solely responsible or share responsibility with us for data protection in specific cases of follow-up data processing. The information from these providers is also applicable in such cases.

1. Visiting our website

Every time you visit our website, our servers temporarily store each access in a log file. As is typical for all connections with a web server, the technical data listed below is gathered during this process without any action on your part. It is saved by us at the web hosting provider Ops One AG, Weststrasse 77, 8003 Zurich, until it is automatically erased after 3 months at the latest:

• the IP address of the requesting computer
• the date and time of access
• the name and URL of the retrieved file
• the status code (e.g. error message)
• the browser used by you (type, version and language) and
• the transmission protocol used (e.g. HTTP/1.1)

This data is collected and processed in order to enable the use of our website (to establish a connection), guarantee the security and stability of the system on a long-term basis, allow us to optimise our internet offering and for internal statistical purposes. Herein lies our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or improper use of the website for information and defence purposes and, where appropriate, used in criminal proceedings for identification purposes and in civil and criminal proceedings against the users concerned. Herein lies our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

2. Using our forms

You can use one of our contact forms to get in touch with us. We require your contact details including your name, telephone number, address or email address, your request and any further information that is relevant that you may share with us when, for example, requesting a quote, making an application or registering for an event. The time that the request is received is also recorded. Compulsory information is indicated in the contact form with an asterisk (*).

We only use this data to answer your contact request in the best and most personal way possible and to issue you with a quote if need be.

The legal basis for processing this data is our legitimate interest with regard to Art. 6(1)(f) GDPR in fulfilling your request or, if your request concerns the conclusion or execution of a contract, the need to do so in order to implement the measures required pursuant to Art. 6(1)(b) GDPR.

Should you be interested in information regarding, for example, the services provided by the Burkhalter Group, this will be made readily available to you once this data has been processed if you wish. This consent can be revoked at any time.

3. Getting in contact by email

You have the option of getting in touch with us by email. For this we require your email address. We only use your email address and other information voluntarily provided by you (e.g. first name and surname) in order to respond to your request in the best and most personal way possible. Processing this data is therefore necessary with regard to Art. 6(1)(b) GDPR for the performance of (pre)contractual measures and is in our legitimate interest with regard to Art. 6(1)(f) GDPR.

4. Getting in contact by phone

You have the option of getting in touch with us by phone. You are personally responsible for your telephone communications with us and what you choose to share. We recommend that you do not communicate any sensitive information. Only the personal data that you voluntarily share with us will be collected. You are therefore in control of the information you give us. In order to answer your questions, we may ask you to provide us with further information, such as your postal or email address. We will only request personal data from you as needed to answer your questions in the best and most personal way possible and/or to perform the services that you require. Processing this data is therefore necessary with regard to Art. 6(1)(b) GDPR for the performance of (pre)contractual measures and is in our legitimate interest with regard to Art. 6(1)(f) GDPR.

5. Applying for a position by email or post

You can make a speculative application or apply for a specific role by using the relevant email or postal address. We will then collect the data sent to us from your application documents.

We use this data to review your application. Application documents from unsuccessful candidates will be deleted once the recruitment process is complete, unless you explicitly consent to a longer retention period or we are legally obliged to maintain a longer retention period. The legal basis for the processing of your data for this purpose is therefore the performance of a contract (precontractual phase) pursuant to Art. 6(1)(b) GDPR.

6. Applying for vacancies

You can use our online form to apply for vacancies. During the application process, we collect your contact details such as your name, telephone number, postal or email address, as well as additional documents necessary for the application process, such as your CV, cover letter and certificates/diplomas.

We use the tool Ostendis from Ostendis AG, Seetalstrasse 35, 5706 Boniswil, Switzerland in connection with your online application. The data is saved by Ostendis on a server in Switzerland.

We require this information in order to review your application and to contact you in connection with this if necessary. The legal basis for processing your personal data is precontractual measures and the performance of a contract pursuant to Art. 6(1)(b) GDPR, as well as our legitimate interest pursuant to Art. 6(1)(f) GDPR.

7. Cookies

Cookies help to make your visit to our website more simple, pleasant and useful in many respects. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

For example, we place cookies in order to temporarily store your selected services and entries when filling in a form on the website so that you do not need to repeat your entry when visiting another subpage.

Most Internet browsers accept cookies automatically. You can, however, configure your browser so that no cookies are stored on your computer or so that a notification always appears when you receive a new cookie. The pages below explain how you can configure the processing of cookies on the most common browsers.

• Microsoft Windows Internet Explorer
• Microsoft Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome for Desktop
• Google Chrome for Mobile
• Apple Safari for Desktop
• Apple Safari for Mobile

Deactivating cookies can lead to you not being able to use all of the functions on our website.

8. Tracking tools

8.1. Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the purposes of needs-based design and continual website optimisation. Google Inc. is part of the holding company Alphabet Inc. based in the USA.

In this context, pseudonymised user profiles are created and small text files stored on your computer (“cookies”) are used. The information generated by cookies about your use of this website, such as

• the route taken by a visitor when navigating the site
• the length of the visit to the website or a subpage
• the subpage from which the visitor leaves the website
• the country, region or city from which the website is accessed
• terminal (type, version, colour depth, resolution, width and height of the browser window)
• new or returning visitor

is sent to Google servers in the USA and stored there. During this process, the IP address is truncated by activating IP anonymisation (“anonymiseIP”) on this website before it is transferred within the Member States of the European Union or other signatory states to the Agreement on the European Economic Area or Switzerland. Google does not associate the anonymised IP address transmitted by your browser through Google Analytics with any other data held by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these cases, we apply contractual guarantees to ensure that Google observes a sufficient level of data protection.

The information is used to evaluate the use of the website, compile reports on website activity and provide other services related to website activity and internet usage for the purposes of market research and needs-based website design. Google may also transfer this information to third parties, where it is required to do so by law or if third parties process the data on behalf of Google. According to Google, under no circumstances will the IP address be linked to other data concerning the user.

The legal basis for processing this data is derived from your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time and/or refuse processing by rejecting or deactivating the relevant cookies in the settings of your web browser (see section 7) or by using the service-specific options detailed below.

Users can prevent Google from collecting and processing the data generated by cookies and relating to their use of the website (including their IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

8.2 Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on our website. Google Tag Manager is a system that allows marketers to manage website tags through an interface. The Google Tag Manager tool is a domain that does not use cookies and does not collect personal data. The tool triggers other tags that do collect personal data. In line with Google, Google Tag Manager does not access this data. When deactivation has been selected for the domain or cookies, this remains in force for all tracking tags implemented by Google Tag Manager. You can prevent tags from being applied at any time.

The legal basis for processing data for this purpose is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

8.3 Google Maps

We use Google Maps API (Application Programming Interface, “Google Maps”) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website to display geographic information (site plans). When using Google Maps, information about the use of our website including your IP address will be transferred to a Google server in the USA and stored there.

The legal basis for processing data for this purpose is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

It is possible to deactivate the Google Maps service and prevent data from being transferred to Google by deactivating JavaScript in your browser. But please be aware that you will be unable to use the map display in this case.

You can find more information about how Google collects, processes and uses your data as well as your rights in this regard in the Google privacy policy at https://policies.google.com/privacy, as well as the additional terms of service for Google Maps and Google Earth at https://www.google.com/intl/en_gb/help/terms_maps/.

8.4 Online advertising

Google Ads

We use the services from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on our website for online advertising. Google uses cookies for this including the so-called DoubleClick cookies that enable your browser to be recognised when visiting other websites. The information generated by the cookies about the use of this website (including your IP address) will be transferred to a Google server in the USA and stored there. You can find more information about data protection at Google at https://policies.google.com/privacy.

The legal basis for processing this data is derived from your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in your browser settings (see section 7). You can find further ad blocking options at https://support.google.com/accounts/answer/2662922.

Microsoft Bing Ads

We use conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on our website. This means that a cookie from Microsoft Bing Ads is placed on your computer when you access our website via a Microsoft Bing advert. We and Microsoft Bing are then able to recognise when someone has been directed to our website and reached a predefined target page (conversion page) after clicking on an advert. We are also able to know the total number of users who have been directed to the conversion page after clicking on a Bing advert.

The legal basis for processing this data is derived from your consent pursuant to Art. 6(1)(a) GDPR.

If you do not wish for information about your behaviour to be used by Microsoft as described above, you can reject the necessary cookies, for example by deactivating automatic cookies in your general browser settings. You can also prevent Microsoft from collecting and processing the data gathered by the cookie relating to your use of the website by opting out at the following link: http://choice.microsoft.com/en-GB/opt-out. Further information about data protection and Microsoft and Bing Ads cookies can be found on the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement.

9. Social media presence

Our website contains links to social media channels. These links are not social media channel plug-ins that start transmitting data to the provider as soon as the page loads without any further action having been taken by the user. The social media buttons merely contain a link to our social media presence on the respective social media channel. No user data is transmitted from the website to the social media channels.

The links lead to the social media channels used by us:

• Facebook of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
• Instagram of Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
• LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
• Pinterest of Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA
• YouTube operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA
• Vimeo of Vimeo.com, Inc. Attention: Data Protection Officer, 330 West 34th Street, 5th Floor, New York, New York 10001, USA

When you follow a link to one of our social media channels, your browser connects directly to the server of the social media channel in question. In the process, the social media channel learns that you have visited our website with your IP address and followed the link. If you follow a link to a social media channel while logged into the social media channel with your own account, the content of our website may be linked to your social media profile. This means that the social media channel can link your visit to our website directly to your user account. If you do not wish for this to happen, you need to log out before following the relevant links. The information will certainly be associated with your account if you log into the social media channel in question after following that link.

10. Disclosing data to third parties

We will only disclose your personal data if you have given your explicit consent, if there is a legal obligation to do so, or if it is necessary to uphold our rights, in particular to enforce claims arising from the contractual relationship.

We also disclose your data to third parties insofar as this is required in the context of the use of the website and the execution of the contract, namely the provision of the services you would like to receive and the analysis of your user behaviour. Third-party use of the data disclosed for these reasons is strictly limited to the aforementioned purposes.

Various third-party providers are explicitly mentioned in this Privacy Policy (e.g. in the “Tracking tools” section).

Service providers that receive, have access to, or could have access to the personal data collected via the website are our web agency and host RTP GmbH, Josefstrasse 92, 8005 Zurich. Data is disclosed for the provision and maintenance of the functionality of our website. Herein lies our legitimate interest pursuant to Art. 6(1)(f) GDPR.

11. Transmitting personal data abroad

We have the right to pass on your data to third-party companies abroad, provided this is required in connection with processing your enquiries or providing services. These third-party companies are obliged to safeguard the user’s privacy to the same extent as the provider itself. If the data protection level in a country is considered inadequate compared to Swiss standards and/or the EU General Data Protection Regulation, we ensure by way of contract and the implementation of additional legal requirements that your personal data is at all times protected in accordance with Swiss data protection law and/or the EU General Data Protection Regulation insofar as applicable.

Data will only be passed on to third-party companies abroad for marketing purposes subject to your express permission.

Various third-party providers and their registered offices have already been mentioned in the previous section (“Disclosing data to third parties”). Individual third-party providers named in this Privacy Policy are headquartered in the USA (see “Tracking tools”).

12. Retention period

We only store personal data for as long as necessary for the use of the above-mentioned services and further processing within our legitimate interest. We store contract data for a longer period of time as this is required by statutory retention obligations. Retention obligations that oblige us to store data are set out in the provisions governing financial reporting and in tax law. In accordance with these provisions, business communication, concluded contracts and accounting records are stored for up to ten years. If we no longer require the data for the performance of services for you, the data will be locked. This means that the data may only be used for financial reporting and tax purposes.

13. Right of access, right to rectification, erasure and restriction of processing, right to data portability

You may refuse the processing of data at any time, especially in the case of data processing for direct marketing (e.g. marketing emails). You also have the following rights:

Right of access: You are entitled to request access to the personal data that we hold and process free of charge and at any time. You are therefore able to review what personal data of yours that we process and check that we are processing it in compliance with applicable data protection regulations.

Right to rectification: You are entitled to rectify incorrect or incomplete personal data and to remain informed about this process. In this case, we will inform the recipient of the data concerned about the adjustments made, provided that this is possible and does not involve a disproportionate amount of work.

Right to erasure: You are entitled to have your personal data deleted under certain circumstances. In exceptional cases, this right to erasure may be waived.

Right to restriction of processing: You are entitled under certain circumstances to request that the processing of your personal data be restricted.

Right to data portability: Users outside Switzerland are entitled under certain circumstances to receive the personal data they have provided to us in a readable format free of charge.

Right to complaint: You are entitled to lodge a complaint about how your personal data is being processed with a responsible supervisory authority.

Right to revoke: You are fundamentally entitled to revoke consent given at any time. Processing that has previously taken place on the basis of this consent will not, however, become unlawful following the revocation of your consent.

You also have the right to request that the data you have transferred to us be given back to you (right to data portability). On request, we will also pass on the data to third parties of your choice. You have the right to receive the data in a common file format.

You can reach us for the aforementioned purposes using the following contact details:

Burkhalter Management Ltd
Data Protection Officer

Hohlstrasse 475
8048 Zurich
datenschutz@burkhalter.ch

In order to process your requests, we may ask for proof of identity at our own discretion.

14. Data security

We deploy suitable technical and organisational security measures in order to protect your personal data stored by us against manipulation, partial or total loss and unauthorised third-party access. Our security measures are constantly improved in line with technological developments.

You should always handle your login details in a confidential manner and close the browser window when you have finished communicating with us, particularly if you share the computer with others.

We also take internal data protection very seriously. Our employees and the service providers commissioned by us have been sworn to secrecy and compliance with the statutory data protection provisions.

15. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a responsible data protection supervisory authority at any time.

The responsible authority in Switzerland is the Federal Data Protection and Information Commissioner:

Eidgenössischer Datenschutz- und Informationsbeauftragter (EDÖB)
Feldeggweg 1
3003 Bern

Zurich, May 2023