Accounto AG, Militärstrasse 105, 8004 Zurich, Switzerland (hereafter “Accounto”) is the author of this Privacy Statement and the owner of the information (data) collected in relation to you in accordance with this Privacy Statement. The General Terms and Conditions of Business (GTC) of Accounto are also applicable.
We are aware how important it is for you for your personal information to be handled carefully. We thus appreciate the trust you place in Accounto that it will deal with this information in a conscientious manner. Accounto is responsible for collecting, processing, disclosing, storing and protecting your personal information and ensures that the Swiss Data Protection Act is complied with in relation to the data of Swiss customers, as well as the EU General Data Protection Regulation in relation to the data of customers from the EU.
The consent provided by you under this Privacy Statement may be withdrawn by you at any time with future effect (cf. clause 10, last paragraph).
1. Contact data
The Controller for data processing purposes is:
+41 (0)44 520 60 51
The Data Protection Officer of Accounto AG may be contacted at: firstname.lastname@example.org
2. Applicable law
Data processing by Accounto is governed by the following laws:
Data of Swiss customers and Swiss visitors to our website
Swiss law exclusively is applicable to the processing of data of Swiss customers, including in particular the Swiss Federal Act on Data Protection (DSG, SR 235.1) along with the related Ordinance to the Federal Act on Data Protection (SR 235.11). The EU General Data Protection Regulation (GDPR) is not applicable. The foregoing is without prejudice to the applicability of the GDPR (i) insofar as expressly provided for in this Privacy Statement in respect of any specific individual issues, and (ii) insofar as, owing to the particular circumstances, the GDPR is applicable on a mandatory basis also to the data of Swiss customers.
Data of customers from the EU and visitors to our website from the EU
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) is applicable in addition to Swiss law to the processing of the data of customers from the EU. Cf. also clause 12 (additional rules for customers from the EU).
3. Nature and scope of the collection of personal data
When visiting our website (without logging in)
If you visit our website without accessing the log-in protected area, the web server technology used by us automatically logs general technical information concerning the visit. This includes inter alia the IP address (which is however anonymised by Google before it is saved, so that it can no longer be allocated to you. Google uses the _anonymizeIp() method when doing so), along with information concerning the browser type, the internet service provider and the operating system used.
When using Accounto cloud software (with login)
During the free test access as well as during any chargeable usage of software provided by Accounto within the log-in protected area, all data recorded by the user during the application process and when using the software are also recorded.
This process generally involves the collection of your master data (name, address, email address and company name) as well as the settings required for the relevant service. Further information regarding which data we process for which purposes may be found in our GTC.
In recording your information (registration), you consent to the processing, usage and disclosure of your personal data in the manner and to the extent of the purposes described in this Privacy Statement.
When approving access for third parties
The customer may allow third parties that also hold log in credentials (such as e.g. its fiduciary) to access its data. In such cases, the customer reserves full control over the access rights of such third parties and over the customer’s data and may restrict or refuse access at any time. The customer agrees that, when using additional partner functions or add-ons, Accounto or the third party may exchange data with the relevant partner in accordance with the access rights granted by the customer.
Whenever the optional salary accounting and personnel module of Accounto is used, the personal data of the end customer’s employees are transmitted to Accounto. Accounto treats these data with all due care and ensures that they remain secure in accordance with the standards set forth in this Privacy Statement. The end customer hereby consents to the foregoing, and shall hold Accounto harmless in respect of any potential claims brought against Accounto by the employees of the end customer. The end customer further acknowledges that it shall bear sole responsibility for informing its employees concerning any possible storage, usage, processing and disclosure of data by Accounto in accordance with this Privacy Statement. Should any individual employees of the end customer not agree to the data processing envisaged, the end customer shall be responsible for deleting the relevant data of its employees in its Accounto cloud.
When using the available banking functions of Accounto or whenever any account is connected to a bank, data are exchanged between Accounto and the bank concerned. These also include payment information as well as information specific to the bank, such as IBAN, account information etc.
Further partner functions
When using on an optional basis any further partner functions available (e.g. connection through myAXA account) provided by Accounto or when connecting an account to a partner, data are exchanged between Accounto and the partner concerned.
4. Data security
We adopt technical and organisational security measures according to recognised technical standards in order to protect personal data stored with us against unintended, unlawful or unauthorised manipulation, erasure, alteration, access, disclosure or usage as well as against full or partial loss. The Accounto servers are situated in a secure IT centre in Switzerland holding multiple certifications. Connections with our servers operate according to SSL encryption. We create regular backups of customer data. In order to avoid data loss even under extreme circumstances (e.g. destruction of the IT centre by an earthquake), encrypted backups are stored in parallel at multiple IT centres throughout Switzerland. Our security standards are constantly adjusted and improved accordingly in line with technological process. We do not accept any liability for data loss or its disclosure to and usage by third parties. In addition, we are unable to provide any guarantee as to the security of data transmitted over the internet, and there is a risk of third party access in particular in the event that data are transferred by email. However, access is protected by HTTPS. If specifically desired by the customer, the customer may decide at any time in favour of two-stage authentication.
5. Purpose of processing of personal data / recipients of data
We process the data collected: in order to be able to constantly improve the products and services desired by you; in order to manage usage by you and the access desired by you to our applications, products and information; in order to cultivate our business relationship with you; in order to monitor and improve the performance of the services offered by us; in order to detect, prevent or clarify illegal activities; and in order to provide you with offers, information or marketing material relating to goods or services that we anticipate, based on the data, may be of interest for you. Data may also be disclosed for the purpose of processing, storage and usage for the above-mentioned purposes to partner businesses and service providers, selected third party companies, institutes and/or state authorities entitled by law to receive them both in Switzerland and abroad. Should the processing or storage of personal information occur in countries that do not offer adequate data protection compared to that under Swiss data protection law, we impose contractual obligations on processors to comply with the relevant provisions of the DSG or – where as regards the data of customers from the EU – the GDPR.
We arrange for some of the above-mentioned processes and services to be carried out by service providers instructed in accordance with data protection law situated in the EU or Switzerland. These are companies operating in the fields of IT services, payment transactions, printing services, billing, collection and advice, sales and marketing, as well as service providers that we involve as contracted data processors.
Cookies help to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on the hard disk of your computer whenever you visit our website and use our services.
You can manage your security settings independently in your browser and thus block or disable the cookies stored by us, which may have the result that particular services of Accounto can no longer be used (in full).
Tracking and analysis tools / social media
Usage of our digital services is measured and assessed using various technical systems, which are furnished mainly by third party providers such as Google Analytics. These measurements may be anonymous or may involve the assessment of personal data. In such cases, it is possible that the data collected may be disclosed by us, or in turn by the third party providers of such technical systems, to third parties in Switzerland or abroad for the purpose of processing. The most frequently used and the most widely known analytical tool is Google Analytics, a service offered by Google Inc., under which the data collected are normally transmitted to a Google server in the USA.
Our website uses Google Analytics. This is a service that is provided by Google Ireland Limited (“Google”), a company registered and operating under Irish law (registration number: 368047), with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, i.e. text files saved on your computer which make it possible to analyse how you use this website. The information generated by the cookie concerning your usage of the website (including your IP address, which is however anonymised by Google prior to storage so that it can no longer be allocated to you) is transmitted to a Google server in the USA and stored at that location. Google uses this information to evaluate your use of the website, to produce reports on website activities for us and to provide other services related to the use of the website and of the internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process these data on behalf of Google. Google does not under any circumstances cross-reference your IP address with other data held by Google.
Our website uses the “demographics data” function of Google Analytics. This makes it possible to generate reports containing statements concerning the age, gender and interests of website users. These data originate from interest-based advertising of Google as well as visitor data from third party providers. These data cannot be allocated to any specific person. You can disable this function at any time through the advertising settings in your Google account or, as a general matter, prevent your data from being collected by Google Analytics.
The analysis of data by other tools of the website owner is not blocked if you use the add-on. In addition, data may be sent to the website or to other web analysis services.
Finally, through our website we obtain certain information in so-called server log files, which your internet browser automatically transmits to us. These include inter alia the user agent (browser type and version, operating system used), http header information (referrer URL, IP address of the accessing computer), the time of the server request and the log-in status. These server log files are only cross-referenced with data from other sources for the purposes of error analysis.
Technologies for advertising purposes
Our website uses the functions of Google Analytics Remarketing in relation to the cross-device functions of Google AdWords and Google DoubleClick.
This function enables the advertising target groups established through Google Analytics Remarketing to be linked up with the cross-device functions of Google AdWords and Google DoubleClick. This makes it possible to display interest-based, personalised advertising that is specifically tailored to you based on previous usage and browsing on one particular end device (e.g. mobile telephone) on a different end device used by you (e.g. tablet or PC).
If you have granted such consent to Google, for this purpose Google will associate your web and app browsing activity with your Google account. This means that the same personalised advertising messages will be displayed on each end device on which you are logged in to your Google account.
In order to support this function, Google Analytics collects the user ID authenticated by Google, which is temporarily checked against our Google Analytics data in order to identify and create target groups for gross-device advertising.
You can permanently object to cross-device remarketing by disabling personalised advertising in your Google account under https://www.google.com/settings/ads/onweb/.
Our website also uses the online advertising program Google AdWords.
In relation to Google AdWords we use so-called “conversion tracking”. If you click on an advert displayed by Google, a cookie is stored for the purpose of conversion tracking. Cookies are small text files that are stored on the internet browser on your computer. These Cookies expire at the latest after 30 days and are not used in order to identify you. If you visit our website and the cookie has not yet expired, both Google and we recognise that you have clicked on the advert and been directed to this page.
Google provides us with information concerning the total number of users that have clicked on our advert and been directed to a website of ours featuring a conversion tracking tag. However, we do not receive any information that could enable you to be identified personally.
You can prevent tracking by disabling the Google conversion tracking cookie in your browser’s user settings.
Our website also uses the Facebook pixel, which is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
The Facebook pixel enables the actions of website visitors to be tracked after they are directed to this website having clicked on a Facebook advert. This makes it possible to assess the efficacy of Facebook adverts for statistical and market research purposes and to optimise future advertising.
The data collected are anonymous for Accounto, and so we are unable to draw any inferences concerning your identity. However, the data are stored and processed by Facebook, so that a connection can be established with the relevant user profile and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This enables Facebook to display adverts on Facebook pages as well as off the Facebook website. Accounto is unable to influence this usage of data.
You can permanently object to remarketing by disabling the “custom audiences” remarketing function in the advertising settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You have to be logged in to Facebook in order to do so.
If you do not have any Facebook account, you can disable usage-based advertising by Facebook on the European Interactive Digital Advertising Alliance website at https://www.youronlinechoices.com/uk/your-ad-choices.
Further information can be found in the Facebook Data Policy at https://www.facebook.com/about/privacy/.
Incorporation of third party content / social media
Our digital services are networked in various ways with third party functions and systems, for instance through the incorporation of plugins of third party social networks including in particular Facebook, Twitter, Linked etc. If you have a user account with these third parties, it may under certain circumstances also be possible to measure and assess your usage of our digital content. As part of this process, further personal data such as your IP address, browser settings and other parameters may be transmitted to these third parties and stored by them. We do not have any control over the usage of any personal data collected in this manner by third parties and do not accept any responsibility or liability. In addition, Accounto does not have any detailed information as regards the data that are transmitted to third party providers, where they are transmitted to and whether they are anonymised.
Our website incorporates YouTube plugins. The provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
The YouTube plugin establishes a link with the YouTube servers. As a result, the YouTube server is informed which of our pages you have visited.
If you are logged in to your YouTube account, YouTube may allocate your browsing activity directly to your personal profile. You can prevent this from happening by logging out of your YouTube user account.
Which other tools do we use?
Our website uses the map service Google Maps via an API. If you use Google Maps functions, your IP address is stored by Google and, as a rule, transmitted to a Google server in the USA. Accounto does not have any influence over this data usage.
We also use Hotjar from the firm Hotjar Limited (Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta, Europe) on our website for the statistical assessment of visitor data. Hotjar is a service that analyses the behaviour of and feedback from you as users on our website through a combination of analysis and feedback tools. We receive reports and visual messages from Hotjar that show us where and how you “move” on our website. Personal data are automatically anonymised and are never received by the Hotjar servers. This means that you are not personally identified as a website user though we nonetheless find out a lot about your user behaviour
7. Décisions automatiques
Accounto does not use any profiling or automated decision-making techniques. Should Accounto use such processes in individual cases, you will be informed separately concerning them, where required by law.
8. Communication by email and/or newsletter
If you would like to obtain a newsletter offered on our website, we require an email address of yours and other information that enables us to check that you are the owner of the email address indicated and consent to receiving the newsletter (“opt-in” procedure).
The newsletter regularly provides you with recommendations and offers that may be of interest to you. For this purpose, we collect and process personal data concerning your usage of our website, within Accounto, and how you use our newsletter (e.g. whether you open the newsletter or which URL links you click on). We assess these data for statistical purposes in order to tailor the contents of the newsletter better in line with your interests.
The personal data provided in the newsletter application form are processed on the basis of your consent, which you may withdraw at any time with future effect. Consent may be withdrawn via the “unsubscribe” link in the newsletter. We use the personal data collected from you in order to establish the contents of and to dispatch the newsletter.
We store the personal data provided by you for the purpose of receiving the newsletter until you unsubscribe from the newsletter.
9. Duration of storage
Accounto processes and stores your personal data for as long as you use the service. In this regard it should be noted that the contractual relationship is a legal relationship that is envisaged as being a long-term relationship.
If any data are no longer required for the compliance with contractual or statutory duties, they are regularly erased unless their further processing – for a limited period – is necessary for the following purposes:
- Compliance with commercial, tax or other retention requirements in Switzerland, including in particular the ten-year period for the keeping and management of business records (Articles 958 et seq of the Swiss Code of Obligations); longer periods may be provided for under special legislation.
- The retention of evidence, the relevant statutory limitation periods for which may be up to 30 years or longer.
10. Access, rectification, erasure, blockage and consent
You have the following rights in relation to your personal data. Accounto explicitly grants these rights contained in the GDPR also to Swiss customers insofar as similar rights do not already exist under the DSG:
- the right of access under Article 15 GDPR,
- the right to rectification under Article 16 GDPR,
- the right to erasure under Article 17 GDPR,
- the right to restriction of processing under Article 18 GDPR,
- the right to data portability under Article 20 GDPR,
- the right to object under Article 21 GDPR,
The rights specified above are subject to any restrictions provided for under the GDPR as well as the relevant applicable national data protection legislation or other national legislation.
If you are requested to provide consent in relation to the services of Accounto, by clicking on the relevant checkbox you may consent to the collection, processing, usage and disclosure of your personal data by Accounto.
You can naturally withdraw your consent at any time, although this will not affect the lawfulness of any processing based on consent prior to such withdrawal. Withdrawal of consent may be intimated in writing to the email address of Accounto mentioned at the start. However, it is also sufficient to send an email to the address email@example.com. However, some services and functions will no longer be available to you afterwards.
11. Links to other websites
The Accounto website contains hyperlinks to third party websites, which are not operated or controlled by Accounto. Accounto is not responsible for their content and privacy practices.
12. Additional rules for EU customers
The following provisions are only applicable for customers from the EU, and do not apply for Swiss customers.
Legal basis for processing
Your data are processed for the purposes mentioned in clause 5 in accordance with point (b) of Article 6(1) GDPR for the purpose of the performance of a contract. The contract concerns the provision of the above-mentioned services.
In addition, as described above, data are processed in order to uphold the legitimate interests of Accounto (point (f) of Article 6(1) GDPR). These are improving products and services (including the provision of direct advertising), monitoring and improving product performance and detecting, preventing or clarifying illegal activities.
In addition, your data are processed in accordance with point (c) of Article 6(1) GDPR for the purpose of compliance with legal obligations (e.g. retention and documentation requirements). These include in particular your personal master data.
Should you take the view that any purpose or purposes referred to under clause 5 is or are not covered by the legal bases indicated above, you may require that we no longer process your personal data for specific individual purposes (opt-out). Any such opt-out will not prevent you from continuing to use the Accounto cloud software, provided that such usage does not necessarily entail the data processing concerned. You can send any such opt-out in writing to the Accounto address mentioned at the outset. However, it is also sufficient to send an email to the address firstname.lastname@example.org.
Right to complain
If you take the view that your personal data have been processed in breach of the GDPR, you have the right to complain to a competent supervisory authority in accordance with Article 77 GDPR.
Accounto is naturally happy to address any questions and requests you might have before lodging any complaint. Please contact us with these by sending an email to email@example.com.
Last updated: June 2021