Assessment Services Zwischenbild

Data Privacy

 

 

1. WHAT IS THIS PRIVACY POLICY ABOUT?

Kienbaum AG, Dufourstrasse 43, CH-8008 Zurich (“Kienbaum”, hereinafter also “we”, “us”) collects and processes personal data, in particular personal data about candidates, our clients and other contracting parties, visitors to our website, registered persons on our talent pool, participants in events, recipients of newsletters and other positions or their contact persons and employees (hereinafter also “you”). We provide information about this data processing in this privacy policy. In addition to this privacy policy, we may inform you separately about the processing of your data (e.g. in the case of forms or contractual conditions).
If you provide us with data about other persons (e.g. family members), we assume that you are authorized to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to provide information applies (e.g. by bringing this privacy policy to their attention in advance).

2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

The data controller responsible for the processing described in this privacy policy is
Kienbaum AG
Doufourstrasse 43
CH-8008 Zurich
zurich@kienbaum.ch
Phone: +41 44 306 42 40

3. WHAT CATEGORIES OF DATA DO WE PROCESS?

We process various categories of your personal data. The most important categories are as follows

  • Master data: This is general personal data such as name, contact details, personal data, photos, customer history, powers of attorney, declarations of consent and information about your relationship with us (e.g. customer, applicant, supplier) and information about third parties (e.g. contact persons).
  • Applicant data: This is data that we collect when you apply either to us or to one of our customers or when you submit a candidate profile on our Talent Pool. This includes all data contained in your application documents, such as information on your professional background, training and further education, performance assessments, qualifications, references and your current salary or salary expectations. We may also obtain data from public sources, such as job-related social networks, the internet or the media.
  • Contractual and financial data: This is data that we obtain and process as part of the provision of our services and when concluding contracts, such as data on contractual services or relating to the provision of services, information on responses (e.g. information on satisfaction) and processing (e.g. customer service) as well as data in connection with the initiation and conclusion of contracts .
  • Communication data: This is data that arises in connection with communication between us and with third parties (e.g. by e-mail, telephone, letter, contact form or via other means of communication). This includes, for example, the content of e-mails or letters, your contact details or the marginal data of the communication
  • Registration data: This is data that we receive as part of a registration on our talent pool or for our newsletter, or that you provide to us (e.g. user name, e-mail).
  • Technical data: This is data that is generated as part of the use of our electronic offers (e.g. website), such as IP address, information about the operating system of your end device, the region and the time of use. Technical data alone does not allow any conclusions to be drawn about your identity.
  • Behavioral and preference data: This is data about your behavior and preferences, such as responses to electronic communications, navigation on the website and interactions with our social media profiles; we may also supplement and link this with information from third parties (e.g. from publicly available sources).
  • Other data: This includes, in particular, data that is processed in connection with official or judicial proceedings (e.g. files, evidence, etc.), photos, video or audio recordings that we produce and on which you are recognizable (e.g. from events.)

 

4. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?

When you create a candidate profile with us, apply for a vacancy with one of our clients (or with us), use our services, kienbaum.ch/ (hereinafter “Website”), or otherwise have dealings with us, we process various categories of your personal data (see section 3). In particular, we may obtain and process this data for the following purposes:

  • Initiating, concluding, managing and processing contracts: We process personal data in connection with the initiation, conclusion, administration or execution of contracts with our customers or other contractual partners (e.g. suppliers, service providers, project partners), which in particular also includes processing for accounting purposes and for the collection and enforcement of contractual services. We also process personal data in order to be able to provide our own contractual services to our customers, such as supporting personnel selection processes, conducting interviews, training, coaching and workshops and preparing evaluations and analyses (e.g. job architectures, equal pay analyses and benchmarking). This also includes public communication.
  • Communication: We process your data in order to communicate with you and third parties by e-mail, telephone, letter or otherwise (e.g. to respond to inquiries, as part of a consultation or to initiate or process a contract). If we need or want to establish your identity, we collect additional data (e.g. a copy of an identity document).
  • Relationship management and for marketing purposes: We also process your personal data to maintain relationships and for marketing purposes, namely to send our clients, other contractual partners and other interested parties personalized advertising (e.g. on our website, as printed matter or by e-mail) about products, services and other news from us and from third parties (e.g. from other companies in the Kienbaum Group) or as part of individual marketing campaigns (e.g. events). You can reject such contacts at any time or refuse or revoke your consent to being contacted for advertising purposes by notifying us (see contact details in Section 2).
  • Market research, improvement of our services and operations and product development: In order to continuously improve our products and services (including our website), we collect data about your behavior and preferences, for example by analyzing how you navigate through our website. If necessary, we may supplement this information with data from third parties (including from publicly accessible sources).
  • Operation of our website: We also process personal data (in particular technical data) in order to operate our website in a secure and stable manner. For further information, see section 10.
  • Registration: In order to use certain offers and services (e.g. talent pool, newsletter), you must register (directly with us or via our external login service providers). For this purpose, we process the data provided during the registration process. We may also collect personal data about you while you are using the offer or service.
  • Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and our other infrastructure (e.g. buildings). This includes, for example, analyzing and testing our IT infrastructures, system and error checks and the creation of backup copies. For documentation and security purposes (preventive and to clarify incidents), we also keep access logs and visitor lists in relation to our premises.
  • Compliance with laws, directives and recommendations from authorities and internal regulations (“compliance”): We may process personal data as part of compliance with the law (e.g. tax obligations). In addition, data may be processed in internal and external investigations (e.g. by a criminal prosecution or supervisory authority or a commissioned private body). The legal obligations may relate to Swiss law, but also to foreign regulations to which we are subject, as well as to self-regulation, industry standards, our own corporate governance and official instructions and requests.
  • Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g. to protect against fraudulent activities) and corporate governance. This includes, among other things, our business organization (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies).
  • Job applications: If you apply for a job with us, we obtain and process the relevant data for the purpose of checking the application, carrying out the application procedure and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. Data processing in connection with the employment relationship is the subject of a separate privacy policy.
  • Other purposes: Other purposes include, for example, training and education purposes, administrative purposes or the organization of events. We may also process personal data for the organization, implementation and follow-up of events, in particular participant lists, the content of presentations and discussions, as well as image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.

 

5. WHERE DOES THE DATA COME FROM?

  • From you: You (or your end device) provide us with much of the data we process yourself (e.g. in connection with our services, the use of our website and apps, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or make use of our services, for example, you must disclose certain data to us.
  • From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet incl. social media) or receive such data from (i) authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iii) other third parties (e.g. persons you have provided as a reference, address dealers, associations, contractual partners, Internet analysis services). This includes in particular the following categories: Master data, applicant data contract data and other data, but also all other categories of data as per section 3 as well as data from correspondence and meetings with third parties. If you work for an employer or client or for someone else who has a business relationship with us or is otherwise in contact with us, they may also make data about you available to us.

 

6. TO WHOM DO WE DISCLOSE YOUR DATA?

In connection with the purposes listed in section 4, we may transfer your personal data to the following categories of recipients in particular:

  • Group companies: The group companies, namely Kienbaum Consultants International GmbH and Kienbaum Consultants Austria GmbH, may use your data for themselves for the same purposes as we do, as described in this privacy policy (see section 4). The recipients generally process the data under their own responsibility.
  • Service providers: We work with service providers in Switzerland and abroad who process data that they have received from us or collected for us (i) on our behalf (e.g. IT providers), (ii) under joint responsibility with us or (iii) under their own responsibility. These service providers include, for example, IT providers, advertising service providers, banks, insurance companies, address verifiers, consulting firms or lawyers. We generally agree contracts with these third parties on the use and protection of personal data.
  • Customers and other contractual partners: This initially refers to customers and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g. because you are applying for a vacancy with one of our customers). This category of recipients also includes contractual partners with whom we cooperate. The recipients generally process the data under their own responsibility.
  • Public authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
  • Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 4. This concerns, for example, third parties in the context of representation relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. As part of our corporate development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including from you, e.g. as a customer or supplier or as their representative) to the persons involved in these transactions. In the context of communication with our competitors, industry organizations, associations and other bodies, data relating to you may also be exchanged.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We may restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
We also allow certain third parties to collect personal data from you on our website and at our events, including on their own responsibility (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. We have listed them in section 10.

7. IS YOUR PERSONAL DATA ALSO TRANSFERRED ABROAD?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but in exceptional cases – for example via subcontractors of our service providers – potentially in any country in the world.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?; including the supplements required for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests, if the execution of a contract that is in your interest requires such disclosure, if you have consented, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or your physical integrity or that of a third party, or if it concerns data that you have made generally accessible and the processing of which you have not objected to. We may also rely on the exemption for data from a register provided for by law (e.g. HR), which we have legitimately obtained access to.

8. WHAT RIGHTS DO YOU HAVE?

You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the disclosure of certain personal data in a common electronic format or its transfer to other data controllers.
If you wish to exercise your rights against us, please contact us; you will find our contact details in section 2. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).
Please note that conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.

9. HOW ARE COOKIES, SIMILAR TECHNOLOGIES AND SOCIAL MEDIA PLUG-INS USED ON OUR WEBSITE AND OTHER DIGITAL SERVICES?

When you use our website (including newsletters and other digital services), data is collected that is stored in logs (in particular technical data). We may also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior and identify preferences. A cookie is a small file that is transmitted between the server and your system and makes it possible to recognize a specific device or browser. Neither the technical data we collect nor cookies generally contain any personal data.
You can set your browser so that it automatically rejects, accepts or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in your browser’s help menu.

We also use social media plug-ins, which are small software modules that establish a connection between your visit to our website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our website and may send the third-party provider cookies that it has previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please refer to their respective privacy policies.
We also use our own tools and third-party services (which may use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics and to place advertisements.
We may currently use the services of the following service providers in particular; their contact details and further information on the individual data processing operations can be found in the respective privacy policies:

  • etracker Provider: etracker GmbH, Privacy policy: https://www.etracker.com/datenschutzerklaerung/

Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found under Section 8. In terms of data protection law, some of them are “only” processors of our data and some of them are controllers. Further information on this can be found in the data protection declarations.

10. HOW DO WE PROCESS PERSONAL DATA ON OUR PAGES IN SOCIAL NETWORKS?

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyze your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For further information on processing by the platform operators, please refer to the data privacy statements of the respective platforms.
We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the privacy policy:

  • LinkedIn www.linkedin.com, Privacy policy: https://de.linkedin.com/legal/privacy-policy

We are entitled, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.
Some of the platform operators may be located outside of Switzerland. Information on the disclosure of data abroad can be found in section 8.

11. WHAT ELSE NEEDS TO BE CONSIDERED?

We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this Section 12 also applies exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that

  • it is necessary as described in section 4 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR)
  • it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described in para. 3, namely for communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and other legitimate interests (point 4) (Art. 6 para. 1 lit. f GDPR),
  • it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
  • you have consented to the processing separately, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

Please note that we generally process your data for as long as required by our processing purposes (see section 4), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymize your data after the storage or processing period has expired as part of our usual processes and in accordance with our retention policy.

If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. We will always indicate where the personal data requested by us is mandatory.
The right to object to the processing of your data set out in section 9 applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

12. CAN THIS PRIVACY POLICY BE AMENDED?

This Privacy Policy is not part of any contract with you. We may amend this Privacy Policy at any time. The version published on this website is the current version.