Privacy Policy

This Privacy Policy describes how and for what purpose Avoras AG, Steinenschanze 2, CH-4051 Basel, Switzerland (we, or us) collects, processes and uses personal data. Personal data means any information that can be linked to a particular person. Processing means any handling of personal data, such as collection, storage, management, alteration, usage, sharing, disclosure etc.

The Privacy Policy applies to all persons whose personal data we process (you), regardless of how you contact us, e.g. whether in a branch, over the telephone, on avoras.com (Website), in an app, via a social network, at an event etc. In certain situations, a special privacy policy may apply instead of this Privacy Policy or as a supplement to this Privacy Policy. The Privacy Policy is applicable to the processing of personal data already collected as well as to the processing of personal data collected in future.
This Privacy Policy is based on the European General Data Protection Regulation (GDPR), as the GDPR is a global benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual case. For example, for Swiss customers, the Swiss Data Protection Act (DSG) may also be applicable or be exclusively applicable.

1. Who we are; contact details

The controller for your personal data is Avoras AG, Steinenschanze 2, CH-4051 Basel, Switzerland.
The business practices and processes are shared between Avoras AG and its subsidiaries Avoras GmbH (Kaiser-Joseph-Str. 254, 79098 Freiburg, Germany), Avoras Unipessoal Lda (Edifício Torre de Monsanto, Rua Afonso Praça, 30 -1D, 1495-061 Algés, Lisboa), Avoras Sdn Bhd (Level 2, No. 20, Jln Kerinchi Kiri 3, Kampung Kerinchi, 59200 Kuala Lumpur) and Avoras USA Inc. (1999 Bryan Street, Suite No. 900, Dallas, Texas 75201).
If you want to exercise your data privacy rights or if you have any question concerning data privacy and how we protect your data, please contact us: info@avoras.com.

2. What personal data we process

We process various categories of personal data. You can find the key categories below for your information. However, we may also process further personal data in individual cases.

• Master data: This encompasses, in particular, your name and your contact details (e.g. address, telephone number or email address), information about your relationship with us, possibly information about your employer, the title of your occupation, industry or business, academic degree, year of birth, civil status, and comparable basic information;
• Contract data: This encompasses all personal data arising in connection with the conclusion and/or processing of the contract, i.e. information relating to the initiation and conclusion of contracts, e.g. the date, initiation process, information about the type and duration of the contract concerned as well as contact details, delivery addresses, deliveries that have taken place or that have failed, and information about payment instruments. This may also include information relating to acquired claims and demands as well as information relating to customer satisfaction;
• Recruitment and application data: This encompasses, any information included in application forms, in a resume, cover letter, or otherwise provided through any application or engagement process (such as education information, job titles, work history, appraisal and performance information, assignment results, information about skills, qualifications, experience, publications, speaking engagements, and preferences, e.g. mobility); copies of identification documents, such as driver’s licenses, passports, ID-card information; visas; references; citizenship and permanent residence; background information related to identity verification checks (where legally permitted and especially when required by law), criminal history checks and other background checks, including credit records, activities on social media; work bans which have an impact of your suitability for a specific job; disability status and health issues requiring adaptations to our application process and working environment (where permitted by law);
• Communication data: This encompasses, in particular, name and contact details such as address, email address and telephone number, content of emails and written correspondence, communication via social media, answers to customer and satisfaction surveys, including information about the type, time and place of the communication;
• Technical data in connection with use of our Website. This includes, in particular, the IP address, possibly a device ID, identification numbers allotted to your device by cookies or similar information (pixel tags), information about your device and its configuration, information about the browser used by you to access the Website, information about your movements and actions on our Website, information about your Internet provider, your approximate location and the time of use, as well as system records relating to access and other processes (log data).

3. How we collect personal data

We receive the aforementioned data when you contact us, e.g. when you contact our employees with an enquiry or otherwise establish a business relationship with us, when you register to receive newsletters, information and/or brochures and other marketing material, or when you participate in a meeting, a seminar or any other event.

In certain circumstances, we shall also receive your personal data from third parties or in collaboration with third parties, such as recruitment agencies or individuals referring candidates to us.

We may also receive personal data from advertising partners. For example, we collect data from persons interested in our services on social media together with our advertising partners. You can find further information in the Sections regarding social media (Section 12).

In certain circumstances, we also access publicly accessible databases. If necessary, we may use search engines on the web, for example, to contact you or update your details.

4. What we use your personal data for

We shall use your personal data as follows:

• For communication purposes, i.e. in order to establish and maintain contact with you. This encompasses answering enquiries, contacting you if questions arise, customer service and customer care, as well as quality assurance and training;
• For processing contracts. This encompasses all activities necessary or appropriate for entering into, carrying out and enforcing a contract, e.g. the conclusion of a contract, the management of contractual relations, including payment processing, as well as payment collection, if applicable;
• For customer care and marketing purposes in order to inform you of the services offered, or promotions corresponding specifically to your personal interests and likes, e.g. by means of newsletters, notifications, updates, invitations to events, personalized advertising etc. (for further information about this see Section 12);
• For market research and product development. In order to constantly improve our offerings and make them more appealing to you, we carry out customer surveys, polls and studies, for example. This serves to further develop our offerings, optimize and improve the user-friendliness of websites as well as to observe the market, e.g. in order to understand and respond to current developments and trends. For this purpose, we may also carry out statistical evaluations, e.g. in order to evaluate on a non-personalized basis customers’ interactions with us or customers’ behavior on our Website (for further information about this see Section 12);
• For compliance with legal requirements: This includes, for example, taking receipt of and processing complaints and other reports, complying with orders issued by a court or a public authority, measures for detecting and clearing up improper use, as well as general measures we are obliged to take under applicable law, self-regulation or industry standards;
• For ensuring IT security and prevention: We process personal data for security purposes including IT security, for preventing theft, fraud and improper use and for evidence purposes. This encompasses, for example, evaluating system records (log data), preventing, defending against and investigating cyber-attacks and malware attacks, analyzing and testing our networks and IT infrastructures, system tests and error checking as well as monitoring access to electronic systems (e.g. log-ins for user accounts);
• For the protection of rights: In certain circumstances, we also process personal data in order to enforce claims judicially, prior to court proceedings or extrajudicially and before public authorities in Switzerland and abroad or to defend ourselves against claims;
• For administration and support within the Avoras group: In order to manage our internal processes efficiently, we process personal data for the administration of IT, for accounting, for archiving data or for education and training, where necessary.

5. The legal bases for the data processing

We shall process your personal data on the following legal bases insofar as such basis is required according to applicable data protection law:

• for the performance of a contract, including steps to be taken prior to entering into a contract, e.g. for checking a contract request, and for enabling you to use our services;
• on the basis of your consent expressly given;
• for asserting or defending legal claims or civil cases;
• for compliance with statutory or regulatory provisions;
• if we have a legitimate interest in the data processing, which shall be determined in the particular case concerned.

6. With whom we share personal data

Avoras is a diverse, globally operating consultancy with offices in Basel, Freiburg, Lisbon, Kuala Lumpur and Dallas. Our business practices, processes, and therefore also personal data are shared between our global offices. Sharing may serve to facilitate administration within the group or support the group companies concerned and their own processing purposes, e.g. the personalization of marketing activities, the development and improvement of products and services, the conducting of credit checks or endeavors to prevent theft, fraud and improper use.

If necessary, we shall transfer your personal data to other companies, such as:

•  third parties involved in order processing on our behalf, in particular for processing credit card payments, for transport or as external service providers for data processing;
• advertising partners such as, in particular, Facebook, Google, Instagram and LinkedIn. In this context, we also refer to our cookie notice relating to data collection by third-party providers whose tools we have integrated into our Websites (see Section 12 below);
• third parties involved in organizing events or seminars;
• IT service providers as well as providers of cloud solutions for all areas;
• our auditors.

Where the aforementioned companies process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to take suitable data security measures. We have, in this respect, concluded the corresponding data processing agreements. Certain companies are also jointly responsible with us or independently responsible (e.g. debt collection agencies). By selecting the companies and entering into suitable contractual agreements, we ensure that data protection is safeguarded throughout the entire processing of your personal data.

Moreover, we may be compelled to disclose personal data under statutory provisions or during legal proceedings, e.g. due to a court order or a request from a law enforcement agency, or if we are of the opinion that sharing is necessary or appropriate for the protection of our rights, for example in preventing harm or financial loss, in connection with an investigation of suspected or actual fraudulent or other illegal activity, and in the event that we sell or transfer all or a portion of our assets (e.g. due to restructuring, dissolution, or liquidation).

7. When your personal data are transferred abroad

We may possibly transfer your personal data to foreign recipients (if necessary, to recipients globally, i.e. also outside of Switzerland, the European Union (EU) and the European Economic Area (EEA)). The countries concerned may possibly not have laws that protect your personal data to the same extent as those of Switzerland and/or the EU/EEA.

If we transfer your personal data to a country that does not have an adequate level of data protection, we shall be obliged to ensure that your personal data are adequately protected, e.g. by concluding data transfer agreements with the foreign recipients beforehand. Normally, we agree in this way to the application of EU standard contractual clauses, which are accessible here. Moreover, we reserve the right to transfer personal data abroad with your express consent or on the basis of further circumstances constituting authorization under applicable data protection law.

8. For how long we retain your personal data

We shall store your data in personalized form as long as this is necessary for the specific purpose for which we collected the data and as long as we have a legitimate interest in retaining your personal data (e.g. for enforcing or defending against legal claims, for archiving purposes or the benefit of IT security). Additionally, we shall store your personal data as long as these data are subject to a statutory retention duty. In respect of cookies, further information about the storage period criteria can be found in Section 12, and your personal Privacy Settings can be adjusted in the footer of the website.

9. How we protect your personal data

We take appropriate security measures of a technical and organizational nature in order to protect your personal data against unauthorized or unlawful access and processing as well as to counter the risk of loss, unintended alteration or unwanted destruction of data. We shall continually improve our security measures in line with technological development.

10. Your rights

You have the following rights:

• You have the right to obtain information on the personal data we hold about you and how we process these data.
• In certain circumstances, you have the right to receive certain personal data in a structured, commonly used and machine-readable format.
• You have the right to rectification of incomplete or inaccurate personal data.
• You have the right to obtain the erasure or destruction or anonymization of your personal data.
• You have the right to obtain restriction of the processing of your personal data.
• Where processing is based on consent given by you, you have the right to withdraw your consent at any time with effect for the future. Please note that, even after you have withdrawn your consent, we shall be entitled to continue processing your personal data to the extent permissible by law.To exercise your rights, you can contact us at info@avoras.com and at the addresses stated above (Section 1). Please note that your rights may possibly be limited or precluded in individual cases, for example where there are doubts about your identity, or where this is necessary for protecting other persons, for safeguarding legitimate interests or for complying with statutory obligations.
  Additionally, you have the right to lodge a complaint with a relevant supervisory authority about the way in which your personal data are processed. In principle, this is the supervisory authority of the country where you live.
• The relevant supervisory authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC).
• You can find the contact addresses of the supervisory authorities of the EU/EEA Member States here.

11. Changes to this Privacy Policy

This Privacy Policy may be updated over time, especially if we change our data processing activities, or if new legal provisions become applicable. In the event of significant changes, we shall actively communicate these to persons whose contact details are registered with us, if this is possible without disproportionate effort and expense. In general, the respective version of the Privacy Policy in effect at the time when the data processing activity concerned commences shall be applicable.

12. Information about cookies and social media

This Section describes how and for what purpose we collect, process and use personal data and other data – particularly in connection with cookies and similar technologies – when our Website and apps are used.

a. What are log data?

Every time our Website is used, certain data are automatically collected for technical reasons and are temporarily stored in log files, so-called log data. These include for example the following technical data:

• IP address of the requesting terminal device and information about the operating system of your terminal device (tablet, PC, smartphone etc.),
• information about the browser used, your Internet service provider and the referring URL,
• date and time of access and content accessed when visiting the Website.
  These data are processed for the purpose of enabling the use of our Website (establishment of a connection) and ensuring its functionality, safeguarding system security and stability and enabling the optimization of our Internet offering, as well as for statistical purposes.
  In the event of attacks on the IT infrastructure or other potentially unlawful use or improper use of the Website, the IP address together with the other log data and further data available to us, if applicable, will also be evaluated for investigation and defense purposes and, if necessary, be used in criminal proceedings for the identification of persons concerned and for action taken under civil and criminal law against these persons.

b. What are cookies and similar technologies?

Cookies are data files that your browser automatically stores on your device when you visit our Website. Cookies contain a unique identification number (ID) that enables us to distinguish individual visitors from others, but normally without identifying them. Depending upon their intended use, cookies contain further information, e.g. about sites accessed and the duration of a visit to a site. We use both session cookies, which are deleted when the browser is closed, and permanent cookies, which remain stored for a certain period after the browser is closed (normally between a few days and two years) and serve to recognize visitors on a subsequent visit.
We may also use similar technologies such as pixel tags, fingerprints and other technologies for storing data in the browser. Pixel tags are small, normally invisible images or a code that are loaded from a server and thereby provide the server operator with specific information, such as whether and when a website was visited. Fingerprints are information that relate to the configuration of your device or your browser and is collected during your website visit and make your terminal device distinguishable from other devices. Most browsers also support, for storing data in the browser, further technologies that are similar to cookies and that we may also use (e.g. “web storage”).

c. How can cookies and similar technologies be deactivated?

In some cases, you have the option, when accessing our Website, of activating or deactivating certain categories of cookies via a button displayed in the browser. Furthermore, you can configure the settings in your browser to block certain cookies or similar technologies or delete existing cookies and other data stored in the browser. You can also expand your browser with software (so-called “plug-ins”) to block tracking by specific third parties. You can find further information about this in your browser’s help pages (normally under the key words “data protection”). Please note that our Website may no longer function to its full extent if you block cookies and similar technologies.

d. What types of cookies and similar technologies do we use?

• We use the following types of cookies and similar technologies:
• Necessary cookies help us to make websites usable by enabling basic features such as page navigation and access to secure areas of the website. The Website cannot function properly without these cookies.
• Preference cookies enable information affecting the appearance or content of the Website to be remembered, such as your preferred language or the region where you are located.
• Statistical cookies help us, by collecting and reporting information anonymously, to understand how you interact with websites. This enables us to understand which sites are most popular. These cookies serve to simplify and speed up website visits and generally improve user-friendliness.
• Marketing cookies help us and our advertising partners to approach you on our Website and on third-party websites with ads for products or services that may be of interest to you, or to display our ads to you whilst you continue to use the Internet after having visited our Website.

Details on the cookies we use can be found in your Privacy Settings – simply click on “Change your Privacy Settings”. 

e. How do we use cookies and similar technologies from other companies?

The cookies and/or similar technologies that we use may originate from us or from third-party companies, e.g. when we use features provided by third parties. Such third-party providers may also be located outside of Switzerland and the EU/EEA insofar as the protection of your personal data is adequately safeguarded.

For example, we use analysis services to evaluate your use of our Website in order to optimize and personalize it. Additionally, cookies and similar technologies from third-party providers enable these providers to approach you with individualized ads on our Website or on other websites as well as in social networks that also collaborate with such third party, and to measure how effective ads are (e.g. whether you arrived at our Website via an ad, and what actions you then carry out on our Website).

Third-party providers may, in this respect, record use of the website concerned. The respective provider may combine these records with similar information from other websites. The behavior of certain users can thus be recorded across multiple websites and multiple terminal devices. In many cases, the respective provider may also use these data for its own purposes, e.g. for personalized advertising on its own website and on other websites that it supplies with advertising. If users are registered with the provider, the provider may associate the usage data with the person concerned. In this case, the processing of such personal data is carried out by the provider under its responsibility and in accordance with its own privacy policy.

Two of the key third-party providers are Google and Facebook. Further information about these can be found below. Other third-party providers normally process personal data and other data in a similar way.

Google Analytics

We use Google Analytics, an analysis service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland); both referred to jointly as “Google”, whereby Google Ireland Ltd. is responsible for the processing of personal data). Google uses cookies and similar technologies to record certain information about the behavior of individual users on the website concerned and the terminal device used for this (tablet, PC, smartphone etc.), such as how often you have opened our Website, how many purchases have been made, or what interests you have, as well as data about the terminal device used by you, e.g. the operating system). You can find further information about this at this link.
We have configured the service in such a way that the IP addresses of the Website visitors are truncated by Google within Europe prior to being forwarded to the USA, and therefore cannot be traced back. Google supplies us with reports and can be regarded as our processor in this respect. However, Google also processes certain data for its own purposes. In certain circumstances, Google may be able to draw conclusions about the identity of the Website visitors on the basis of the data collected and thus create profiles with the aid of personal data and link the acquired data to any existing Google accounts of these persons. Information about Google Analytics’ data protection can be found here; if you have a Google account yourself, you can find further information here.

f. Social Media Plugins

We currently use social media plug-ins from the following companies: LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA), Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), Instagram (Instagram LLC 1601 Willow Rd, Menlo Park, CA 94025, USA). These plug-ins are only loaded if you have previously activated the function by giving your consent. Through the plug-ins, we enable you to interact with social networks and other users. The legal basis for the use of the plug-ins is consent and the integration only takes place after you have given your consent. Revocation of your consent is possible at any time without affecting the lawfulness of the processing until the revocation. The easiest way to revoke your consent is via the Privacy Settings in the Website Footer, or via the functions of the social media providers.

The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular for the display of targeted advertising and to inform other users of the social network about your activities on our Website. You have the right to object to the creation of these user profiles; you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider.

The information collected is stored on servers of the providers, potentially also outside the EU/EEA, or Switzerland. We have agreed so-called standard data protection clauses with the providers, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of these providers:

• LinkedIn Privacy Policy
• Facebook Privacy Policy
• Instagram Data Policy

There you will also receive further information about your rights in this regard and setting options for protecting your privacy.