privacy policy

Onaccounting AG

privacy policy


In this privacy statement, we, Onaccounting AG (hereinafter referred to as Onaccounting AG, we or us), describe how we collect and process personal data. This privacy statement does not represent an exhaustive description; other declarations relating to data protection may regulate specific issues. For the purposes of this privacy statement, personal data is understood to mean all information that relates to a specific or identifiable person.


  1. Responsible body and contact
  2. Onaccounting AG is responsible for the data processing that we describe here, unless otherwise stated in individual cases. Inquiries regarding data protection can be sent to us by letter or email, enclosing a copy of the ID or passport for identification of the user: Onaccounting AG, In Hätzelwisen 2, 8602 Wangen, Switzerland, 41 44 520 02 90, info@onaccounting.ch.
  3. collection and processing of personal data
  4. We process personal data in particular in the following categories of processing.
  5. Customer data of customers for whom we provide or have provided services.
  6. Personal data that we have received indirectly from our customers when providing services.
  7. When you visit our website
  8. When using our newsletter
  9. When you attend one of our events.
  10. When we communicate or a visit takes place.
  11. In any other contractual relationship, e.g. as a supplier, service provider or consultant.
  12. When applying
  13. If we are required to do so for legal or regulatory reasons.
  14. When we exercise our due diligence obligations or other legitimate interests, e.g. to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, check creditworthiness, ensure security or enforce our rights.
  15. For more detailed information, please see the description of the respective categories of processing in section 5
  16. categories of personal data
  17. The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people who are in a relationship with you. This information may also be particularly sensitive personal data.
  18. We collect the following categories of personal data, depending on the purpose for which we process it:
  19. Contact information (e.g. name, first name, address, telephone number, email)
  20. Customer information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number)
  21. risk assessment data (e.g. credit information, commercial register data)
  22. Financial information (e.g. bank details)
  23. Mandate data, depending on the assignment (e.g. tax information, statutes, minutes, projects, contracts, employee data (e.g. wages, social insurance), accounting data, beneficial owners, ownership structures)
  24. Website data (e.g. IP address, device information (UDI), browser information, website usage (analysis and use of plug-ins, etc.)
  25. Application data (e.g. CV, employment references)
  26. Marketing information (e.g. newsletter registration)
  27. Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists)
  28. To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help), information about you in correspondence and meetings with third parties, credit information, information about you that people in your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney), information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. B. payments made, purchases made), information from the media and the Internet about you (if this is appropriate in the specific case, e.g. in the context of an application, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location information).
  29. Purposes of data processing and legal basis
  30. provision of services
  31. We primarily process the personal data that we receive from our clients and other persons involved in the context of our mandate relationships with our customers and other contractual relationships with business partners.
  32. The personal data of our customers includes in particular the following information:
  33. Contact information (e.g. name, first name, address, telephone number, email, other contact information)
  34. Personal information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, AHV number, family circumstances, etc.)
  35. Risk assessment data (e.g. credit information, commercial register data, sanctions lists, specialised databases, data from the Internet)
  36. Financial information (e.g. data on bank accounts, investments or shareholdings)
  37. Mandate data, depending on the order, e.g. tax information, statutes, minutes, employee data (e.g. wages, social insurance), accounting data, etc.
  38. Particularly sensitive personal data: This personal data may also include particularly sensitive personal data, such as data on health, religious views or social assistance measures, especially if we provide services in the area of payroll processing or accounting.
  39. We process this personal data for the purposes described based on the following legal bases:
  40. Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (e.g. consulting, trust)
  41. Compliance with a legal obligation (e.g. when we perform our duties as auditor or are required to disclose information)
  42. Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, ensure security, manage risks, enforce our rights, defend ourselves against claims or to examine possible conflicts of interest)
  43. Consent (e.g. to send you marketing information).
  44. Indirect data processing from service provision
  45. When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data of third parties. These third parties are usually employees, contact persons, family members or people who have a relationship with the customers or the data subjects for other reasons. We need this personal data to fulfill contracts with our customers. We receive this personal data from our customers or from third parties commissioned by our customers. Third parties whose information we process for this purpose are informed by our customers that we process their data. Our customers can refer to this privacy policy for this purpose.
  46. The personal data of the people who have a relationship with our customers includes in particular the following information:
  47. Contact information (e.g. name, first name, address, telephone number, email, other contact information, marketing data)
  48. Personal information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, AHV number, family circumstances, etc.)
  49. Financial information (e.g. data on bank accounts, investments or shareholdings)
  50. Mandate data, depending on the order, e.g. tax information, statutes, minutes, employee data (e.g. wages, social insurance), accounting data
  51. Particularly sensitive personal data: This personal data may also include particularly sensitive personal data, such as data on health, religious views or social assistance measures, especially if we provide services in the area of payroll processing or accounting.
  52. We process this personal data for the purposes described based on the following legal bases:
  53. Conclusion or performance of a contract with the data subject or for the benefit of the data subject (e.g. when we perform our contractual obligations)
  54. Compliance with a legal obligation (e.g. when we perform our duties as auditor or are required to disclose information)
  55. Safeguarding legitimate interests, in particular our interest in providing optimal service to our customers.
  56. use of our website
  57. In order to use our website, no personal data needs to be disclosed. However, the server records a series of user information each time it is accessed, which is temporarily stored in the server's log files.
  58. When using this general information, no assignment to a specific person takes place. The collection of this information or data is technically necessary in order to display our website and to ensure its stability and security. This information is also collected in order to improve the website and to analyze its use.
  59. This includes in particular the following information:
  60. Contact information (e.g. name, first name, address, telephone number, email)
  61. Further information that you send to us via the website
  62. Technical information automatically transmitted to us or our service providers, information on user behavior or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicking on links, etc.)
  63. We process this personal data for the purposes described based on the following legal bases:
  64. Safeguarding legitimate interests (e.g. for administrative purposes, to improve our quality, analyze data or promote our services)
  65. Consent (e.g. to the use of cookies or the newsletter).
  66. newsletter usage
  67. If you subscribe to our newsletter, we will use your email address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. The mandatory information for sending the newsletter is your full name and email address, which we save after you register. The legal basis for processing your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this consent and unsubscribe from the newsletter at any time.
  68. participation in events
  69. If you attend an event organized by us, we collect personal data in order to organize and hold the event and, if necessary, to send you additional information afterwards. We also use your information to inform you about other events. We may photograph or film you at these events and publish these images internally or externally.
  70. This includes in particular the following information:
  71. Contact information (e.g. name, first name, address, telephone number, email)
  72. Personal information (e.g. profession, function, title, employer company, eating habits)
  73. pictures or videos
  74. Payment information (e.g. bank details).
  75. We process this personal data for the purposes described based on the following legal bases:
  76. Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (enabling participation in the event)
  77. Safeguarding legitimate interests (e.g. holding events, disseminating information about our event, providing services, efficient organization)
  78. Consent (e.g. to send you marketing information or create images).
  79. Direct communication and visits
  80. If you contact us (e.g. by phone, email or chat) or we contact you, we process the personal data required for this purpose. We also process this personal data when you visit us. In this case, you may be required to leave your contact details before your visit or at reception. We will keep these for a certain period of time in order to protect our infrastructure and our information.
  81. We use the “Zoom” or “Microsoft Teams” service to conduct telephone conferences, online meetings, video conferences and/or webinars (“online meetings”).
  82. In particular, we process the following information:
  83. Contact information (e.g. name, first name, address, telephone number, email)
  84. peripheral data on communication (e.g. IP address, duration of communication, communication channel)
  85. Recordings of conversations, e.g. during video conferences
  86. Other information that the user uploads, provides or creates while using the video conferencing service, as well as metadata used to maintain the service provided, additional information about the processing of personal data by "Zoom" or Microsoft Teams can be found in their privacy policies.
  87. Personal information (e.g. profession, function, title, employer company)
  88. Time and reason for the visit.
  89. We process this personal data for the purposes described based on the following legal bases:
  90. Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (provision of a service)
  91. Safeguarding legitimate interests (e.g. security, traceability, and processing and administration of customer relationships).
  92. applications
  93. You can submit your application for a position with us by post or via the email address provided on our website. The application documents and all personal data disclosed to us will be treated as strictly confidential, not disclosed to any third party and only processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application dossier will either be returned to you after the application process has been completed or deleted/destroyed, unless it is subject to a statutory retention period. The legal basis for processing your data is your consent, the fulfillment of the contract with you and our legitimate interests.
  94. In particular, we process the following information:
  95. Contact information (e.g. name, first name, address, telephone number, email)
  96. Personal information (e.g. profession, function, title, employer company)
  97. Application documents (e.g. motivation letter, certificates, diplomas, CV)
  98. Evaluation information (e.g. HR consultant assessment, reference information, assessments)
  99. We process this personal data for the purposes described based on the following legal bases:
  100. safeguarding legitimate interests (e.g. hiring new employees)
  101.  
  102. Suppliers, service providers, other contractual partners
  103. If we enter into a contract with you so that you can provide a service for us, we will process personal data from you or your employees. We need this to communicate with you and to use your services. We may also process this personal data to check whether there could be a conflict of interest in connection with our work as an auditor and to ensure that we do not take any unwanted risks with our collaboration, e.g. with regard to money laundering or sanctions.
  104. In particular, we process the following information:
  105. Contact information (e.g. name, first name, address, telephone number, email).
  106. Personal information (e.g. profession, position, title, employer company).
  107. Financial information (e.g. bank details).
  108. We process this personal data for the purposes described based on the following legal bases:
  109. Conclusion or performance of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement
  110. Safeguarding legitimate interests (e.g. avoiding conflicts of interest, protecting the company, enforcing legal claims).
  111. tracking technologies
  112. We use the consent tool "Real Cookie Banner" to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/rcb/data-processing/ The legal basis for the processing of personal data in this context is Art. 6 Para. 1 lit. c GDPR and Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.
  113. web and newsletter analysis
  114. In order to obtain information about the use of our website, to improve our internet offering and to be able to address you with advertising on third-party websites or on social media, we use the following web analysis tools and retargeting technologies: Google Analytics, Google Ad Sens, Google Fonts, Gravatar, Jetpack SiteStats Wordpress Emojis, Cloudflare, Elementor and Elementor Forms, Font Awesome.
  115. These tools are provided by third parties. The information collected for this purpose on the use of a website is usually transmitted to the third-party provider's server through the use of cookies or similar technologies. Depending on the third-party provider, these servers are located abroad.
  116. The data is normally transmitted with the IP addresses shortened, which prevents the identification of individual end devices. This information is only transmitted by third parties based on legal regulations or as part of order data processing.
  117. Google Analytics
  118. We use Google Analytics, the web analysis service of Google LLC, Mountain View, California, USA, on our websites; Google Limited Ireland ("Google") is responsible for Europe. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific, user-related information on the user's device. These enable Google to analyze the use of our website. The information collected by the cookie about the use of our pages (including your IP address) is usually transferred to a Google server in the USA and stored there. We would like to point out that Google Analytics has been extended on this website to include the code "gat._anonymizeIp();" to ensure anonymous collection of IP addresses (so-called IP masking). If anonymization is active, Google shortens IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google may associate your IP address with other Google data. For data transfers to the USA, Google has committed to signing and complying with the EU standard contractual clauses. .
  119. Social Media Plugins
  120. Our website uses so-called social media plug-ins ("plug-ins") from third parties. The plug-ins can be identified by the logo of the respective social network. We use the plug-ins to offer you the opportunity to interact with the social networks and other users. We use the following plug-ins on our website: Facebook, Instagram, LinkedIn, WhatsApp. When you visit our website, your browser establishes a direct connection to the third-party provider's servers. The content of the plug-in (e.g. YouTube videos) is sent directly to your browser by the respective third-party provider and integrated into the page.
  121. The data transfer to display content (e.g. publications on Twitter) occurs regardless of whether you have an account with a third-party provider and are logged in there. If you are logged in with the third-party provider, the data we collect from you will also be assigned directly to your existing account with the third-party provider. If you activate the plug-ins, the information will also be published on the social network and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the third-party providers as well as your rights and setting options to protect your privacy can be found in the third-party providers' data protection information. The third-party provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is also carried out in particular for users who are not logged in in order to display needs-based advertising and to inform other users of the social network about your activities on our website. If you want to prevent third-party providers from assigning the data collected via our website to your personal profile in the respective social network, you must log out of the relevant social network before visiting our website. You can also completely prevent the plug-ins from loading using specialised add-ons for your browser such as "Ghostery" (https://www.ghostery.com/) or "NoScript" (http://noscript.net/).
  122. data sharing and data transmission
  123. We only pass on your data to third parties if this is necessary to provide our services, if these third parties provide a service for us, if we are legally or officially obliged to do so, or if we have an overriding interest in passing on the personal data. We will also pass on personal data to third parties if you have given your consent or have asked us to do so.
  124. Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the customer, accounting data, payroll administration data, pay slips and statements are transmitted unencrypted.
  125. The following categories of recipients may receive personal data from us: • Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies). • Third parties within the scope of our legal or contractual obligations, authorities, state institutions, courts.
  126. We conclude contracts with service providers who process personal data on our behalf, which oblige them to guarantee data protection. The majority of our service providers are located in Switzerland or in the EU/EEA. Certain personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If it is necessary to transfer data to other countries that do not have an adequate level of data protection, this will be done on the basis of the EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments).
  127. Duration of storage of personal data
  128. We process and store your personal data as long as it is necessary to fulfil our contractual and legal obligations or for the purposes pursued by the processing, i.e. for example for the duration of the entire business relationship (from initiation and processing to termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and to the extent that we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized as far as possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less generally apply.
  129. data security
  130. We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization and controls.
  131. Obligation to provide personal data
  132. As part of our business relationship, you must provide the personal data that is necessary for establishing and conducting a business relationship and fulfilling the associated contractual obligations (you generally have no legal obligation to provide us with data). Without this data, we will not be able to conclude or process a contract with you (or the body or person you represent). The website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
  133. your rights
  134. You have the following rights in connection with our processing of personal data:
  135. Right to information about the personal data we have stored about you, the purpose of the processing, the origin and the recipients or categories of recipients to whom the personal data is passed on.
  136. Right to rectification if your data is incorrect or incomplete.
  137. Right to restrict the processing of your personal data
  138. Right to request the deletion of processed personal data
  139. right to data portability
  140. Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.
  141. Right to lodge a complaint with a competent supervisory authority, where provided for by law.
  142. To exercise these rights, please contact the address provided under point 1.
  143. Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or need it to assert claims. If you incur costs, we will inform you in advance.
  144. Change of Privacy Policy
  145. We expressly reserve the right to change this privacy policy at any time.Last modified: June 2023