DATA PROTECTION STATEMENT

1. Data Controller

The data controller responsible for the processing of personal data is:

CM Advisory and Management SA

Route des Hauts-Genevrés 6, 1784 Courtepin

info@cmam.ch

For any questions relating to data protection, you may contact us at the above address.

This statement applies to all processing of personal data carried out by the Company, unless otherwise specified in specific documents.

 

2. Personal Data Processed

We process personal data in particular in the following situations:

• in the context of our contractual relationships with our clients
• during contacts (email, telephone, meetings)
• via our website
• in the context of relationships with partners or service providers
• during job applications

The data processed include in particular:

• identification data (name, surname, contact details)
• professional data (position, company)
• contractual and engagement data
• financial data (where applicable)
• technical data (IP address, website navigation)

We may also process data obtained from public sources or third parties.

 

3. Purposes of Processing

We process personal data for the following purposes:

• provision of our advisory services
• communication with clients and partners
• administrative and contractual management
• compliance with legal and regulatory obligations
• risk management and compliance (e.g. conflicts of interest)
• IT security and operation of the website
• recruitment

 

4. Legal Bases

Processing is based in particular on:

• the performance of a contract or pre-contractual measures
• compliance with legal obligations
• our legitimate interests (organization, security, risk management)
• consent, where required

 

5. Third-Party Data

In the context of our mandates, we may process data relating to third parties provided by our clients (e.g. employees, partners).

The Client is responsible for informing such persons of the processing of their data.

 

6. Data Disclosure

We may disclose personal data to third parties, in particular:

• service providers (IT, cloud, advisory, etc.)
• partners involved in the mandate
• authorities or courts, where required

Some service providers may be located abroad. In such cases, we ensure an adequate level of protection in accordance with applicable law, in particular by entering into standard contractual clauses or based on adequacy decisions.

 

7. Retention Period

Personal data are processed and retained for as long as necessary for:

• the performance of the mandate
• compliance with legal obligations (in particular retention and documentation obligations)
• the defense of our rights

In this context, personal data may be retained for the period during which claims may be asserted against our Company (i.e. in particular during the applicable statutory limitation period) and to the extent we are otherwise required by law or legitimate business interests (e.g. for evidentiary and documentation purposes).

As a general rule, data are retained for a period of ten (10) years after the end of the contractual relationship, unless otherwise required or justified.

If no legal or contractual obligation prevents it, your personal data will, in principle, be deleted or anonymized where possible and in accordance with our standard procedures.

 

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

 

9. Electronic Communications and Tools

Electronic communications (in particular email and videoconferencing) may involve security risks.

We use standard tools (e.g. videoconferencing solutions or cloud services) which may involve data processing by third-party providers.

The Company disclaims any liability for risks inherent in the use of such means of communication, to the extent permitted by law.

 

10. Your Rights

You have in particular the following rights:

• right of access
• right to rectification
• right to erasure
• right to restriction of processing
• right to object
• right to data portability

You may exercise these rights by contacting us.

You also have the right to lodge a complaint with the competent authority, in particular the Swiss Federal Data Protection and Information Commissioner.

 

11. Obligation to Provide Data

The provision of certain data is necessary for the conclusion and performance of a contract.

Without such data, we are unable to provide our services.

 

12. Amendments

We reserve the right to amend this Data Protection Statement at any time.

In the event of any conflict between the content of this Data Protection Statement and other language versions, the French version published on this website shall prevail.