Back

Privacy Policy

In this Privacy Policy, we, Tim&Koko AG, describe how we collect and process personal data. For the purposes of this Privacy Policy, personal data refers to all information relating to an identified or identifiable person.

1. Controller and Contact

Tim&Koko AG is responsible for the data processing described here. Data protection inquiries can be sent to us by letter or e-mail:

Tim&Koko AG
Thomas Philipona
Gerechtigkeitsgasse 80 3011 Bern

E-Mail: hallo@tim-koko.ch
Website: https://tim-koko.ch

2. Collection and Processing of Personal Data

We process personal data in particular within the following categories of processing:

  • Client and personal data that we require and have received for the provision of services;
  • Personal data that we receive indirectly from our clients during the provision of services;
  • When visiting our website;
  • When participating in one of our events;
  • When we communicate;
  • When we are obliged to do so for legal or regulatory reasons;
  • When we perform our due diligence obligations or pursue other legitimate interests.

More detailed information can be found in the following descriptions of the respective processing categories.

3. Purposes of Data Processing and Personal Data

We may process your personal data for several purposes. Primarily, we process this data to provide our services to you.

3.1 Provision of Services

We primarily process personal data that we receive from our clients and other business partners involved in the context of our mandate relationships and other contractual relationships.

Personal data of our clients includes, in particular, the following information:

  • Contact information (e.g., last name, first name, address, telephone number, e-mail);
  • Personal information (e.g., date of birth, job title, etc.);
  • Financial information (e.g., bank details);
  • Information provided by you within the scope of communication with us.

We process this personal data for the described purposes based on the following legal bases:

  • Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and any enforcement (e.g., consulting, fiduciary services);
  • Fulfillment of a legal obligation (e.g., to disclose information);
  • Safeguarding legitimate interests (e.g., for administrative purposes, to enforce our rights, to defend ourselves against claims, or to check for potential conflicts of interest);
  • Consent (e.g., to send you information).

3.2 Indirect Data Processing from Service Provision

When we provide services to our clients, we may also process personal data that we have not collected directly from the data subjects or personal data of third parties. We require this personal data to fulfill contracts with our clients. We receive this personal data from our clients or from third parties commissioned by our clients. Personal data of persons who have a relationship with our clients includes, in particular, the following information:

  • Contact information (e.g., last name, first name, address, telephone number, e-mail);
  • Financial information (e.g., bank details).

We process this personal data for the described purposes based on the following legal bases:

  • Conclusion or execution of a contract with the data subject or for the benefit of the data subject (e.g., when we perform our contractual duties);
  • Fulfillment of a legal obligation (e.g., when we perform our duties as an auditor or are obliged to disclose information).

3.3 Use of Our Website

No personal data needs to be disclosed to use our website. However, with each access, the server collects a series of user information, which is temporarily stored in the server’s log files.

When using this general information, no assignment to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyze its usage.

This includes, in particular, the following information:

  • Contact information (e.g., last name, first name, address, telephone number, e-mail);
  • Further information that you transmit to us via the website;
  • Technical information automatically transmitted to us or our service providers, information on user behavior or website settings (e.g., name of the internet service provider, IP address, UDI, device type, browser, operating system, date and time of access, number of clicks on the page, clicks on links, etc.).

We process this personal data for the described purposes based on the following legal bases:

  • Safeguarding legitimate interests (e.g., for administrative purposes, to improve our quality, to analyze data, or to promote our services).

3.4 Direct Communication, Visits, and Events

If you contact us (e.g., via telephone, e-mail, or chat) or if we contact you, we process the necessary personal data. We also process this personal data when you visit us. In this case, you may be required to leave your contact details before your visit or at the reception. These are kept by us for a certain period to protect our infrastructure and information. For the conduct of telephone conferences, online meetings, video conferences, and/or webinars (“Online Meetings”), we use appropriately secure applications. When organizing and holding events, we process personal data for event management and participant support, including the administration of registrations, communication with participants, and coordination with service providers.

In doing so, we process, in particular, the following information:

  • Contact information (e.g., last name, first name, address, telephone number, e-mail);
  • Metadata regarding communication (e.g., IP address, duration of communication, communication channel);
  • Other information that the user uploads, provides, or creates while using the video conferencing service, as well as metadata used for the maintenance of the provided service;
  • Personal information (e.g., profession, function, title, employer company);
  • Image recordings;
  • Time and reason for the visit.

We process this personal data for the described purposes based on the following legal bases:

  • Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and any enforcement (provision of a service);
  • Safeguarding legitimate interests (e.g., security, traceability, as well as handling and administration of client relationships);
  • Consent.

3.5 Information and Marketing

We process personal data to provide you with attractive offers and to maintain client relationships. This includes sending messages and offers, both in written and electronic form, as well as conducting marketing campaigns. These campaigns may include our own offers or those of advertising partners. To provide you with personalized offers, we may use data such as basic data, contract data, communication data, behavioral and transactional data, as well as preference data. This allows us to provide you with relevant information and offers.

Types of messages and offers may include:

  • Promotional e-mails, in-app messages, and other electronic communications;
  • Promotional brochures, magazines, and other printed materials;
  • Promotional messages via various media platforms;
  • Invitations to events.

You always have the option to decline marketing contacts, and you can easily unsubscribe from newsletters and other electronic communications via an unsubscribe link or via your customer account.

We process your personal data for the described purpose based on the following legal bases:

  • Consent;
  • Safeguarding legitimate interests (e.g., to analyze data or to promote our services).

3.6 Job Applications

You can submit your application for a position with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us in this context will be treated strictly confidentially, will not be disclosed to any third party, and will only be processed for the purpose of processing your application for employment with us. Unless you agree otherwise, your application file will be returned to you or deleted/destroyed after the conclusion of the application process, provided it is not subject to a statutory retention obligation. The legal bases for processing your data are your consent, the fulfillment of the contract with you, and our legitimate interests.

In doing so, we process, in particular, the following information:

  • Contact information (e.g., last name, first name, address, telephone number, e-mail);
  • Personal information (e.g., profession, function, title, employer company);
  • Application documents (e.g., cover letter, certificates, diplomas, CV);
  • Evaluation information (e.g., assessment by recruitment consultants, reference checks, assessments).

We process this personal data for the described purposes based on the following legal bases:

  • Safeguarding legitimate interests (e.g., hiring new employees), including contract initiation and any enforcement;
  • Consent.

3.7 Use of Newsletter

If you subscribe to our newsletter, we use your e-mail address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. Mandatory information for sending the newsletter is your full name and your e-mail address, which we store after your registration. The legal basis for processing your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter (directly in the newsletter or by e-mail to ).

4. Data Transfer and Data Transmission

We only pass on your data to third parties if this is necessary for the provision of our services, if these third parties provide a service for us, if we are obliged to do so by law or by official order, if we have an overriding interest in the disclosure of the personal data, or if you have given us your consent or requested us to do so.

The following categories of recipients may receive personal data from us:

  • Service providers (e.g., IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies).
  • Third parties within the scope of our legal or contractual obligations, authorities, government institutions, courts.

We conclude contracts with service providers who process personal data on our behalf, obliging them to guarantee data protection. Most of our service providers are located in Switzerland or the EU / EEA. Should a data transfer to other countries that do not have an adequate level of data protection be necessary, this will be done on the basis of the EU Standard Contractual Clauses or other suitable instruments.

5. Retention Period of Personal Data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e., for the duration of the entire business relationship (from initiation and processing to the termination of a contract) as well as beyond that in accordance with statutory retention and documentation obligations. We retain personal data for the period during which claims can be asserted against our company (during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible in principle.

6. Data Security

We will keep your data secure and take all reasonable measures to protect your data from loss, access, misuse, or alteration. Our employees and all contractual partners who have access to your data are obliged to comply with data protection regulations. We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transfer, and ensuring the availability of the data and its separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data compromise. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through privacy by design and through privacy-friendly default settings.

7. Your Rights

In connection with our processing of personal data, you have the following rights:

  • Right to information about personal data stored by us about you, the purpose of processing, the origin, and recipients to whom personal data is passed on;
  • Right to rectification if your data is incorrect or incomplete;
  • Right to request the deletion of processed personal data;
  • Right to data portability;
  • Right to object to data processing or to revoke consent to the processing of personal data at any time without giving reasons;
  • Right to lodge a complaint with a competent supervisory authority, if provided for by law.

To exercise these rights, please contact the address given in Section 1.

Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example, if we are obliged to retain or process certain data, have an overriding interest in doing so, or require it for the assertion of claims. If costs are incurred for you, we will inform you in advance. The revocation of consent to processing does not affect the lawfulness of processing carried out up to that point.

8. Social Media

We are present on social media platforms and other online platforms to communicate with interested persons and to inform them about us and our offers. In this context, personal data may also be processed outside of Switzerland and the European Economic Area (EEA). If you communicate with us via such pages or comment on or disseminate content from us, we will collect the corresponding information and process it in accordance with our Privacy Policy. We have the right, but not the obligation, to check content before or after its publication and to delete it without notification, as far as technically possible, or to report it to the provider of the respective platform. In the event of a violation of the rules of decency and conduct, we may also report the relevant user account to the provider of the platform for blocking or deletion. When you visit our social media pages, data (e.g., about your user behavior) may also be transmitted directly to the respective provider or collected by them and processed together with other data already known to the provider (e.g., for marketing and market research purposes and for personalizing platform content). If we are jointly responsible with the provider for certain processing, we conclude a corresponding agreement with the provider, the essential content of which you can find out from the provider. Further information on data processing by the providers of social networks can be found in the privacy policies of the respective social networks. In addition, the General Terms and Conditions (GTC) and Terms of Use as well as the privacy policies and other provisions of the individual operators of such online platforms apply. These provisions inform in particular about the rights of the data subjects, which specifically includes the right to information.

9. Cookies and Other Tracking Technologies

This website does not use cookies. To analyze the usage behavior of website visitors, we use the cookie-free analytics tool from https://umami.is/.

10. Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request

This data cannot be assigned to specific persons. A merging of this data with other data sources is not undertaken. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

11. Changes to the Privacy Policy

We reserve the right to adapt this Privacy Policy in the event of changes. We will inform about such adjustments and additions in an appropriate form, in particular by publishing the respective current Privacy Policy on our website.

November 2024