In this privacy policy, we, BCM Audit & Advisory AG (hereinafter referred to as "BCM," "we," or "us"), describe how we collect and process personal data. This privacy policy does not provide an exhaustive description; other statements regarding data protection may regulate specific matters. For the purposes of this privacy policy, personal data refers to all information relating to an identified or identifiable person.

1. Responsible Entity and Contact

BCM is responsible for the data processing described here unless otherwise specified in individual cases. Inquiries regarding data protection can be sent to us by letter or email, including a copy of the user's ID or passport for identification:

BCM Audit & Advisory AG
Grafenaustrasse 15
6300 Zug
Tel: +41 44 508 07 44
E-Mail: info@bcmauditadvisory.ch

2. Collection and Processing of Personal Data

We process personal data, in particular, in the following categories of processing:

  • Customer data of clients for whom we provide or have provided services.
  • Personal data that we have indirectly received from our clients in the course of providing services.
  • When visiting our website.
  • When using our newsletter.
  • When participating in an event organized by us.
  • When we communicate or when a visit takes place.
  • In the case of other contractual relationships, such as with suppliers, service providers, or consultants.
  • In the case of applications.
  • When we are required to do so by legal or regulatory obligations.
  • When we fulfill our due diligence obligations or other legitimate interests, e.g., to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security, or enforce our rights.

More detailed information can be found in the description of the respective categories of processing in section 4.

3. Categories of Personal Data

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about individuals who are in a relationship with you. This information may, in some cases, include particularly sensitive personal data. We collect the following categories of personal data, depending on the purpose for which we process them:

  • Contact information (e.g., name, first name, address, phone number, email)
  • Customer information (e.g., date of birth, nationality, marital status, occupation, title, job title, passport/ID number, social security number)
  • Risk assessment data (e.g., credit information, commercial register data)
  • Financial information (e.g., bank account details)

More detailed information can be found in the description of the respective categories of processing in section 4.

4. Purposes of Data Processing and Legal Bases

We primarily process the personal data that we receive from our clients and other contractual relationships with business partners, as well as from other involved individuals, within the framework of our mandate relationships. The personal data of our clients specifically include the following information:

  • Contact information (e.g., name, first name, address, phone number, email, other contact information)
  • Personal information (e.g., date of birth, nationality, marital status, occupation, title, job title, passport/ID number, social security number, family circumstances, etc.)
  • Risk assessment data (e.g., credit information, commercial register data, sanctions lists, specialized databases, data from the internet)
  • Financial information (e.g., bank account details, investments, or holdings)

We process these personal data for the described purposes based on the following legal grounds:

  • Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and potential enforcement (e.g., consulting, fiduciary services).
  • Fulfillment of a legal obligation (e.g., when we fulfill our duties as an audit firm or are required to disclose information).
  • Protection of legitimate interests (e.g., for administrative purposes, to improve our quality, ensure security, manage risks, enforce our rights, defend against claims, or to assess potential conflicts of interest).
  • Consent (e.g., to send you marketing information).

More detailed information can be found in the description of the respective categories of processing in section 4.

5. Tracking Technologies

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information related to the specific device you are using. However, this does not mean that we immediately gain knowledge of your identity. The use of cookies serves, on one hand, to make the use of our service more pleasant for you. For example, we use session cookies to recognize that you have already visited certain pages of our website. These cookies are automatically deleted once you leave our site. Additionally, we also use temporary cookies to improve user experience, which are stored on your device for a specific period. If you visit our site again to use our services, we can automatically recognize that you have previously visited us and which entries and settings you made, so you do not have to enter them again. On the other hand, we use cookies to statistically track the use of our website and to evaluate the optimization of our services. These cookies allow us to automatically recognize that you have visited us before when you return to our site. These cookies are automatically deleted after a defined period. The data processed through cookies is necessary for the mentioned purposes. Most browsers accept cookies by default. However, you can configure your browser to prevent cookies from being stored on your computer or to always display a notification before a new cookie is created. Please note that fully disabling cookies may prevent you from using all features of our website.

6. Web and Newsletter Analysis

To gain insight into the use of our website, improve our online services, and be able to target you with advertising on third-party websites or social media, we use various web analysis tools and retargeting technologies, including Google Analytics, newsletter tools, etc. These tools are provided by third-party vendors. Typically, the information collected for this purpose about the use of a website is transmitted to the server of the third party through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad. The data is generally transmitted with the IP addresses shortened, which prevents the identification of individual devices. The transfer of this information by third parties only occurs in compliance with legal requirements or within the framework of contract data processing.

7. Data Transfer and Data Transmission

We only share your data with third parties if it is necessary for providing our services, if these third parties provide services on our behalf, if we are legally or administratively obligated to do so, or if we have a legitimate interest in sharing the personal data. We will also disclose personal data to third parties if you have given your consent or requested us to do so. Not all personal data is transmitted encrypted by default. Unless otherwise explicitly agreed with the client, information such as accounting data, payroll administration data, pay slips, tax documents, etc., may be transmitted unencrypted.

8. Retention Period of Personal Data

We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations or for the purposes pursued by the processing. This means, for example, for the duration of the entire business relationship (from initiation, execution, to termination of a contract) and beyond, in accordance with legal retention and documentation requirements. It is possible that personal data will be retained for the period during which claims can be made against our company (i.e., particularly during the statutory limitation period) and as long as we are otherwise legally obligated or legitimate business interests require it (e.g., for evidence and documentation purposes). Once your personal data is no longer necessary for the above-mentioned purposes, it will generally be deleted or anonymized, as far as possible. For operational data (e.g., system logs, logs), shorter retention periods of twelve months or less typically apply.

9. Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, providing training, implementing IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and regular monitoring.

10. Obligation to Provide Personal Data

As part of our business relationship, you must provide the personal data that is necessary for the initiation and execution of a business relationship and the fulfillment of the associated contractual obligations (you are generally not legally obligated to provide us with data). Without this data, we will not be able to conclude or process a contract with you (or the entity or person you represent). The website cannot be used either if certain information required for data traffic (such as IP address) is not disclosed.

11. Your Rights

You have the following rights in connection with our processing of personal data:

  • Right to access information about the personal data stored about you, the purpose of processing, the origin of the data, as well as the recipients or categories of recipients to whom the personal data is disclosed.
  • Right to rectification if your data is incorrect or incomplete.
  • Right to restriction of the processing of your personal data.
  • Right to request the deletion of the processed personal data.
  • Right to data portability.
  • Right to object to data processing or to withdraw consent for the processing of personal data at any time, without providing reasons.
  • Right to lodge a complaint with a competent supervisory authority, if legally provided.

To exercise these rights, please contact the address provided in Section 1. However, please note that we reserve the right to apply the legally required restrictions, for example, if we are obligated to retain or process certain data, have a legitimate interest in doing so (as long as we are allowed to invoke it), or need it to assert claims. If any costs are incurred, we will inform you in advance.

12. Changes to the Privacy Policy

We expressly reserve the right to change this privacy policy at any time. Last updated: April 2025.