ITX Privacy Policy

ITX PRIVACY POLICY

This privacy notice explains how ITX collects and uses personal data and describes the rights of person whose data are processed with respect to their personal date. 

We are dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with applicable Data Protection Regulations including in particular the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). Please read this Privacy Policy to learn about your rights, what information we collect, how we use and protect it.

This Privacy Policy applies to ITX SA and its subsidiaries in Switzerland and abroad, especially based in Singapore.

If you have any questions regarding the processing of your personal data or wish to contact the data protection officer of ITX SA, please direct your correspondence to: dpo@itx-ge.com

Directly: We obtain personal data directly from individuals in a variety of ways, including from individuals who provide us their business card, complete our online forms, subscribe to our newsletters, register for webinars, attend meetings or events we participate in or host, visit our offices or apply for open positions. We may also obtain personal data directly when, for example, establishing a business relationship, performing professional services through a services agreement, or through our hosted software applications.

Indirectly:  We also obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients or prospects. We may attach personal data to our customer relationship management records to better understand and serve our business clients, prospects, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.

  • Public sources – Personal data may be obtained from public registers (such as Commercial Registers), news articles, and Internet searches.
  • Social and professional networking sites – If you register or login to our websites using social media (e.g., LinkedIn, Google, or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
  • Business clients and prospects– Our business clients may engage us to perform professional services which involves sharing personal data they control as part of that services.
  • Recruitment services – We may obtain personal data about candidates from an employment agency, and other parties including former employers.

In this privacy policy, the terms “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We may obtain the following categories of personal data about data subject:

  • Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address…);
  • Professional details (e.g., job and career history, educational background and professional memberships, published articles…);
  • Family and beneficiary details for mobility, official approvals and permits, insurance and pension planning services (e.g., names and dates of birth);
  • Social, tax and immigration status;
  • Financial information (e.g., taxes, payroll, pensions, assets, bank details, insolvency records).
  • Video monitoring systems may collect images of visitors when you visit our offices.

We may also collect sensitive data in the course of providing our services. As the case may be, these sensitive data are processed with your consent unless it is obtained indirectly for legitimate purposes.
Examples of sensitive personal data we may obtain include:

  • Personal identification documents that may reveal nationality or origin, religious beliefs or physical health, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
  • Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.

Although, our website, newsletter, webinars and services are not intentionally designed for or directed at children, we may occasionally receive details about children e.g. as part of agreement to provide professional services.

We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:

  • Contract – We may process personal data in order to perform our contractual obligations.
  • Consent – We may rely on your freely given consent at the time you provided your personal data to us.
  • Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:
    • Delivering services and products – To deliver the services and products our clients have engaged us to provide.
    • Marketing – To deliver timely industry insights and professional knowledge, offerings and invitations we believe are welcomed by our business clients, prospects, subscribers and other individuals.
    • Recruitment – To seek for qualified candidates.

  • Legal obligations and public interest – We may process personal data in order to meet regulatory and public interest obligations or mandates.

ITX collect and process personal data when it has a valid reason to do so in connection with the products and services it provides. The purpose of collecting personal data may be:

  • The provision of tailored and personalised professional advice and services to our clients and prospects, including company incorporation and monitoring of their obligations throughout their life (including annual approval of accounts…), insurance/social security, pension scheme administration, employment law, social security law, taxation, commercial and company law.
  • The promotion of our professional services, and products to existing and prospective business clients.
  • To send invitations and provide access to guests attending our events and webinars.
  • To send newsletters,
  • To administer, maintain, develop and ensure the security and functionality of our information systems, applications and websites.
  • To authenticate registered users to certain areas of our website.
  • To process online requests.
  • To comply with legal and regulatory obligations in particular relating to sanctions, embargo assessment, countering money laundering, terrorist financing, fraud and other forms of financial crime.
  • To prevent fraud or criminal activity, safeguard our IT systems and handle of claims.
  • Employment of personnel and work processes.
  • To seek for qualified candidates.


Furthermore, we may be required to collect certain personal data by law.

We may share personal data with trusted third parties to help us deliver efficient and quality services and products. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

  • Providers or sub-contractors that support us to provide our services and products (e.g. providers of telecommunication and software systems, IT system support, archiving services, destructions of confidential document services).
  • Providers of clients (e.g. relocation provider, outplacement provider…),
  • Administrative authorities (e.g. tax, social security, immigration authorities…),
  • Insurers,
  • Our professional advisers, including lawyers, auditors and insurers.
  • Payment services providers.
  • Marketing services providers.
  • Law enforcement or other government and regulatory agencies (e.g. FINMA) or to other third parties as required by, and in accordance with, applicable law or regulation.
  • Recruitment services providers.

We store personal data on servers located in Switzerland. We may transfer personal data to our affiliate company, including our subsidiary based in Singapore.

We may also transfer personal data outside Switzerland and the EEA in order to comply with our legal obligations, to perform the services agreed with our clients and to enable them, according to their instructions, to comply with their legal and contractual obligations, in particular in the context of the international mobility of their employees and the proper performance of their employment contract.

These transfers are carried out in compliance with the legal obligations allowing the protection of the personal data of the persons concerned.
 

In accordance with data protection regulations, you have the right to access and, if necessary, rectify, delete and limit the processing of your personal data, withdraw your consent if you voluntarily provided your personal data, as well as the right to portability. Subject to a legitimate reason, you may also object to the processing of your data.

These rights can be exercised at any time. In order to enable you to exercise your rights you may contact our Data Protection Officer to the following address: dpo@itx-ge.com.
 
No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
Before responding to your request, we may ask for proof of identity. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction.

For example, we have implemented measures such as encryption of communications, pseudonymisation of login credentials, enforcement of password rules to ensure their robustness and limited duration, two-factor authentication, architecture and maintenance of a redundant IT infrastructure in a stretched cluster configuration spread over two different physical data centres, execution of periodic backups, etc
We limit access to personal data in general. Those individuals who have access to the data are required to maintain the confidentiality of such information and only have access to personal data on a need to know basis.

Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.

We retain personal data to provide our services, make offerings, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. We retain personal data for so long as the personal data is needed for the purposes for which it was collected or in line with legal and regulatory requirements or contractual arrangements. 

In some instances, ITX and its service providers uses cookies, web beacons and other technologies to automatically collect certain types of information when you visit us online, as well as through emails that we may exchange. The collection of this information allows us to customize your online experience, improve the performance, usability and effectiveness of ITX website and to measure the effectiveness of our marketing activities.