Privacy Policy

1. What is this privacy policy about?

Bridg Rickenbacher Consulting (hereinafter also referred to as "we", "us"), with its registered office in Basel, procures and processes personal data in the course of its business activities. In this Privacy Policy, we inform you about this data processing.

We have aligned this Privacy Policy with both the Swiss Federal Act on Data Protection and the European General Data Protection Regulation – GDPR for short. The GDPR has established itself worldwide as a benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual case.

2. Who is responsible for data processing?

Under data protection law, the company that determines whether this processing is to take place, for what purposes it takes place, and how it is designed is responsible for the respective data processing. The following is generally responsible for the data processing according to this Privacy Policy:

Bridg Rickenbacher Consulting
c/o Christian Rickenbacher
Maiengasse 15
CH-4056 Basel
privacy@bridg.ch

3. What personal data do we process and for what purpose?

When you use our services, use bridg.ch (hereinafter "website"), or otherwise interact with us, we collect and process various categories of your personal data. In principle, we may collect and otherwise process this data in particular for the following purposes:

3.1. Communication

We process personal data so that we can communicate with you and third parties via email, telephone, letter, or other means. This also includes that we can provide our customers, contractual partners, and other interested parties with information about events, news about Bridg, or similar. This can be done, for example, in the form of newsletters and other regular contacts (electronic, by post, by telephone). You can refuse such communication at any time or refuse or revoke consent to such communication. For this purpose, we process in particular the content of the communication, your contact data, and the marginal data of the communication, but also image and audio recordings of (video) calls. In the case of an audio or video recording, we will point this out to you separately, and you are free to inform us if you do not wish to be recorded or to end the communication. If we need or want to determine your identity, we collect additional data (e.g. a copy of an ID card).

3.2. Contract execution

In order to fulfill our contractual obligations to you, the processing of personal data is essential. This already begins with the first contact and runs through the entire process of contract initiation, conclusion, administration, and execution. When you contact us, we collect data such as your name, your contact details, information about your company, and your request. This serves to understand your request and to provide you with a suitable offer. Once a contract has been concluded, we require further data to provide our services. This includes, for example, information about your IT infrastructure, your business processes, and your employees. We use this data to provide you with tailor-made advice. Within the scope of contract execution, we collect and process in particular the following data: master data (name, address, contact data, company name), contract data (subject matter of the contract, term, remuneration), communication data (emails, letters, telephone records), and project-related data (documentation, analyses, reports, presentations). The processing of this data serves to fulfill our contractual obligations, invoicing and payment processing, communication with you, and quality assurance. The processing of your personal data in the context of contract execution is primarily for the fulfillment of our contractual obligations. In some cases, we also rely on our legitimate interests, such as improving our services. You have the right to obtain information about the personal data processed by us, to request the correction or deletion of your data, and to demand the restriction of processing. Please note that this is just an example of a paragraph on contract execution. You should adapt this text to the specific needs of your company.

3.3. Operation of our website

In order to be able to operate our website securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your end device, the region, the time, and the type of use. We also use cookies and similar technologies. For further information, see Section 7.

3.4. Improvement of our electronic services

In order to continuously improve our website and other electronic services, we collect data about your behavior and preferences, for example by analyzing how you navigate through our website and how you interact with our social media profiles.

3.5. Security and prevention

The security of your data and the protection of our IT systems and infrastructure is our top priority. To ensure this and to prevent misuse, we process personal data for security purposes. This includes, among other things, ensuring IT security, preventing theft, fraud, and misuse, and preserving evidence.

Specifically, we take the following measures:

  • IT security: We use technical and organizational security measures to protect your data from unauthorized access, loss, or misuse. These include, for example, firewalls, encryption technologies, and access controls.  
  • Access controls: Access to our office premises is controlled to prevent unauthorized persons from accessing our systems and data.
  • Video surveillance: We use video surveillance systems in our premises to ensure the safety of our employees and visitors and to prevent crime.
  • Analysis of log data: We evaluate system logs to detect suspicious activity and ward off cyber attacks.
  • Data backup: We regularly create backups to protect your data in the event of a system failure.

The processing of your personal data in the context of security measures is primarily to safeguard our legitimate interests, in particular the protection of our IT systems and the prevention of criminal offenses.

As a Swiss service company, we are subject to various legal requirements that make the processing of personal data necessary. These include, among other things:

  • Compliance with legal provisions: We comply with all applicable laws and regulations on data protection and data security, including the GDPR and the Swiss Federal Act on Data Protection.
  • Combating money laundering and terrorist financing: We fulfill our due diligence obligations in the context of combating money laundering and carry out the necessary checks.
  • Tax obligations: We process personal data in order to comply with our tax obligations.
  • Professional obligations: As a service provider, we are subject to certain professional confidentiality obligations.
  • Cooperation with authorities: We cooperate with authorities and courts and provide the necessary information upon request, insofar as we are legally obliged to do so.
  • Internal compliance: We have implemented internal guidelines and processes to ensure compliance with legal requirements.

The processing of your personal data in the context of compliance with legal requirements is primarily to fulfill our legal obligations.

3.7. Administration and corporate management

Efficient administration and corporate management requires the processing of certain personal data. This covers various areas:

  • Internal organization and processes: We process personal data to optimize our internal processes, plan resources, and manage the general development of the company.
  • Financial administration and accounting: Personal data is processed for accounting, invoicing, and controlling.
  • Training and further education: We use personal data for internal training and further education measures, for example to improve the quality of our consulting services.
  • Risk management: In order to minimize risks and protect our business activities, personal data is processed as part of risk management.
  • Communication and cooperation: The processing of personal data enables us to communicate efficiently internally and externally and to cooperate with partners and authorities.

Job applications: If you apply to us, we process your personal data to check your suitability for the position and to carry out the application procedure. The data processed includes information from your application documents (CV, cover letter, certificates, etc.), information from communication (emails, letters, telephone records), and, if applicable, information from publicly accessible sources. The processing of your data serves to process your application, to evaluate your qualifications, and to determine whether you are suitable for the advertised position. In the event of a successful application, we also use your data to prepare and conclude the employment contract.

The processing of your personal data in the context of administration and corporate management is primarily to safeguard our legitimate interests, such as optimizing our business processes and improving our services. The processing of your data in the context of the application procedure is primarily for the initiation of an employment relationship.

4. Where does the personal data come from?

4.1. Data provided

Most of the personal data that we process is provided to us directly by you. This happens, for example, when you

  • make use of our services,
  • communicate with us (e.g. by email, telephone or contact form)
  • use our website or apps,
  • apply for a job with us,
  • take part in our events.

The provision of your data is generally voluntary. However, in order to make use of certain services, such as the conclusion of a contract or the use of our website, it is necessary to provide certain data.

4.2. Data collected

In addition to the data provided by you, we also collect certain data ourselves. This is done, for example, by

  • Analysing your use of our website and apps: We use cookies and similar technologies to collect information about your usage behaviour. This data helps us to improve our website and apps and provide you with a personalised user experience.
  • Publicly available sources: We may collect data from publicly accessible sources such as the commercial register, the internet or social media.

4.3. Data received

We also receive personal data from third parties. This includes:

  • Public authorities: We may receive data from public authorities, for example in the context of legal proceedings or official enquiries.
  • Your employer or client: If you contact us on behalf of your employer or client, we may receive data from them.
  • Other third parties: These may be, for example, customers, counterparties, legal expenses insurers, credit agencies, address dealers or internet analysis services.

5. To whom do we disclose personal data?

In connection with the purposes listed in section 3, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality. All of these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

5.1. Service providers

We work with service providers in Germany and abroad who process data (i) on our behalf, (ii) on our joint responsibility or (iii) on their own responsibility, which they have received from us or collected for us (These service providers include, for example, IT providers, banks, insurance companies, debt collection agencies, credit agencies, address verifiers and other consulting firms). We generally agree contracts with these third parties on the use and protection of personal data.

5.2. Other persons

This refers to other cases where the inclusion of third parties arises from the purposes set out in section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your bank). If we co-operate with the media and transmit material to them (e.g. photos), you may also be affected. As part of our corporate development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including yours, e.g. as a customer or supplier or as their representative) to the persons involved in these transactions. In the course of communication with our competitors, industry organisations, associations and other bodies, data relating to you may also be exchanged.

5.3. Further information on the disclosure of personal data

We also allow certain third parties to collect personal data from you on our website and at our events, including on their own responsibility (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Unless we are decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. We have listed your rights in section 9. Information on the activities on our website can be found in section 7.

6. How do we disclose personal data abroad?

We usually process and store personal data in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients (see section 5) who are located outside this area or who process personal data outside this area, in principle in any country in the world. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One way of ensuring adequate data protection is, for example, to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the necessary data protection. These include contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. An example of the data transfer contracts we generally use can be found at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. Please note that such contractual precautions can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. from state access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permitted in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.

7 How do we use cookies and similar technologies?

When using our website (including newsletters and other digital offers), data is collected that is stored in logs (in particular technical data). We may also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognise website visitors, evaluate their behaviour and identify preferences. A cookie is a small file that is transmitted between the server and your system and enables a specific device or browser to be recognised.

You can set your browser so that it automatically rejects, accepts or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in your browser's help menu.

Neither the technical data collected by us nor cookies generally contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

We also use social media plug-ins, which are small pieces of software that establish a connection between your visit to our website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our website and may send the third-party provider cookies that they have previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please refer to their respective privacy policies.

We also use our own tools and third-party services (which may themselves use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics and to place adverts.

A detailed list of our currently used cookies appears by clicking on ‘Cookies’ in the footer of our website.

Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found in section 6. In terms of data protection law, some of them are "only" processors on our behalf and some are controllers. Further information on this can be found in the data protection declarations.

8. How do we process personal data on our pages in social networks?

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context, whereby we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyse your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act as their own data controllers for this purpose. For more information on processing by the platform operators, please refer to the privacy policies of the respective platforms.

We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the privacy policy in each case:

We are authorised, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.

Some of the platform operators may be located outside Switzerland. Information on the disclosure of data abroad can be found in section 6.

9. What rights do you have in connection with the processing of your personal data?

You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the erasure of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to another controller.

If you wish to exercise your rights against us, please contact us; you will find our contact details in section 2. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID).

Please note that conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only extracts.

10. What else needs to be considered?

We do not assume that the EU General Data Protection Regulation (‘GDPR’) is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this Section 10 applies exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your personal data in particular on the fact that

  • It is necessary as described in Section 3 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
  • It is necessary for the purposes of the legitimate interests pursued by us or by third parties as described in para. 3, in particular for communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organisation, implementation and follow-up of events and to safeguard other legitimate interests (see section 3) (Art. 6 para. 1 lit. f GDPR);
  • It is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
  • You have consented to the processing separately, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

Please note that we will generally process your data for as long as required by our processing purposes (see section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymise your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.

If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we indicate where personal data requested by us is mandatory.

The right to object to the processing of your data set out in section 9 applies in particular to data processing for the purpose of direct marketing. If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

10. Changes to this privacy policy

This privacy policy may be amended over time, in particular if we change our data processing or if new legislation becomes applicable. We will actively inform persons whose contact details are registered with us of any significant changes if this is possible without disproportionate effort. In general, the current version of the privacy policy at the start of the relevant processing applies to data processing.

Last change: November 2024