Personal Data Protection Policy

1. Introduction

Berney Associés is committed to protecting your privacy and ensuring the security of your personal information. This personal data protection policy describes how Groupe Berney Associés processes personal data obtained through our website and services, specifying the types of data collected and the purposes for which they are used. It also sets out how data is transmitted, how long it is kept and the rights of the persons concerned, in accordance with Swiss data protection laws and the General Data Protection Regulation (GDPR). This policy therefore applies to all customers, users and visitors to our site and sets out our commitment to protecting your personal data.

2. Applicable legal framework

As part of its activities, Berney Associés complies with a number of data protection regulations, in particular the Federal Data Protection Act (nLPD) and the General Data Protection Regulation (RGPD):

  • Application of the RGPD Pursuant to Article 3 of the RGPD, Groupe Berney Associés is subject to this regulation because the company processes personal data of European Union (EU) residents and also offers services to EU residents. Although the head office is located outside the EU, these activities give Groupe Berney Associés the obligation to comply with the requirements of the RGPD.
  • Application of the nLPD The nLPD also applies to Groupe Berney Associés in accordance with Article 3, as the company is registered in Switzerland. This law obliges the company to adopt measures for the processing and protection of personal data, in accordance with Swiss standards of confidentiality and information security.

3. Basic principles of data processing

Within the framework of this data protection policy, Groupe Berney Associés applies the following fundamental principles to the processing of data:

  • Lawfulness of Processing (art. 6 al. 1 nLPD): All personal data processing activities are carried out lawfully and in compliance with the regulations in force.
  • Good Faith and Proportionality (art. 6 para. 2 nLPD): Data is processed in accordance with the principles of good faith and proportionality.
  • Goals (art. 6 para. 3 nLPD): Personal data is collected only for purposes that are specific and recognisable to the data subject, and its further processing is compatible with these purposes.
  • Data minimisation (art. 6 para. 4 nLPD): Personal data is destroyed or rendered anonymous as soon as it is no longer necessary to achieve the purposes for which it was collected (or to comply with legal data retention requirements).
  • Data accuracy (art. 6 para. 5 nLPD): The accuracy of personal data is guaranteed. Appropriate measures are taken to correct, erase or destroy inaccurate or incomplete data, taking into account the type and extent of the processing and the risks to the rights and freedoms of the data subjects.
  • Data security (art. 6 al. 6 nLPD): When required, the consent of the data subject is obtained in a free and informed manner, only after the data subject has received all the necessary information concerning the planned processing.
  • Rights of the persons concerned (art. 6 al. 7 nLPD): Express consent is required in the following situations:
    • For the processing of sensitive data ;
    • For high-risk profiling carried out by a private player ;
    • For profiling carried out by a federal authority.

4. Purpose of collecting and processing personal data

As part of our commitment to data protection, we collect and process personal data for a number of key purposes, including:

  • Professional services To ensure the quality and compliance of our services by assessing various aspects such as process compliance and information systems security.
  • Advice and support To provide tailored advisory services, such as in-depth analyses and strategic recommendations, to help our clients with their business decisions and transactions.
  • Management of Regulatory Obligations Preparing and submitting the necessary documents to meet legal and tax requirements, thereby ensuring compliance with applicable laws.
  • Communication and Information Disseminating relevant, up-to-date information to our customers through targeted communications such as newsletters and sector updates.

This processing is carried out in accordance with the legal requirements relating to data protection, with the aim of providing services that are efficient, secure and in line with contractual expectations.

5. What personal data do we process?

To fulfil these purposes, Groupe Berney Associés processes various categories of personal data, detailed according to the types of processing activities:

  • Audit (Financial Statements, Internal, IT) :
    • Identification data
    • Public contract data
    • Economic data
    • Confidential contract data
    • Health data
    • Security logs
  • Corporate Restructuring and Due Diligence:
    • Company data
    • Commercial data
    • Operational data
    • HR data
    • Criminal convictions, offences or proceedings
  • Tax returns - Legal entities :
    • Identification data
    • Financial data
    • Organ data
  • Tax returns - Individuals :
    • Identification data
    • Financial data
    • Family data
    • Health data
    • Religious or philosophical beliefs
    • Political views
    • Union membership
    • Social assistance
  • Customer Payroll and Accounting :
    • Identification data
    • Professional data
    • Financial data
    • Family data
    • Contractual information
    • Health data
  • Newsletter and event invitations:
    • Contact details
    • Statistics, Preferences
  • Operational and financial reporting :
    • Identification data
    • Financial data
    • Contractual information

6. Data collection, retention period, security measures

Data collection

Personal data is collected in the following ways:

  • Directly from customers/prospects/contacts when using our services.
  • Via authorities, courts or third parties, depending on the nature and scope of the mandate concerned.
  • From publicly available information, such as that found in the media and on the Internet, where appropriate.

Conservation period

Data is kept for as long as is necessary for the purpose of processing, in compliance with legal retention requirements, or for contractual reasons. The data is then securely deleted.

Data security

We take appropriate technical and organisational security measures to protect personal data against unauthorised access and misuse. These measures include IT and network security solutions, access restrictions, encryption of data media and transmission, instructions, training and controls.

The data is stored in the applications and software we use. The data is hosted on servers located in Switzerland, managed via an IaaS (Infrastructure as a Service) architecture.

If third parties have access to our data, special measures are taken, which are governed by the outsourcing contract.

7. Data sharing and access 

Data sharing and protection

In the course of our business, we may transfer personal data to third parties in the following situations: where the customer has given his or her consent, to provide the agreed services, to achieve our contractual objectives, to protect our legitimate interests, or where required by law.

The categories of persons likely to have access to this data include :

  • Internal employees: Members of our staff who need access to data in order to carry out their work, in compliance with confidentiality policies and defined access rights.
  • Service providers: Companies providing IT, hosting and data processing services, as well as professional advisers, lawyers and insurance companies.
  • Outsourcer : Companies specialising in IT infrastructure management, who act on our behalf to ensure the security and smooth operation of our systems.
  • Authorities and third parties in the context of our obligations: Legal or supervisory authorities, tax authorities, government bodies and courts, in the context of our legal or contractual obligations.

All third parties with whom we collaborate are contractually bound to respect the confidentiality of data and to process it only for the purposes specified, thus ensuring adequate protection of the information shared.

8. Your rights with regard to the processing of personal data

At Groupe Berney Associés, we respect your rights to the protection of personal data, in accordance with the applicable laws. To exercise your rights, please contact us at the address dpo@berneyassocies.com and provide proof of identity to validate your request. We will endeavour to respond to your request within 30 days. In certain complex cases, this period may be extended, and we will inform you accordingly.

Here is a detailed overview of your rights and how you can exercise them:

Right of access

You have the right to request information about the personal data we process about you. This includes:

  • The types of personal data held.
  • The purposes of the processing.
  • The possible recipients of your data.
  • The planned data retention period.

Right of rectification

If you find that your personal data is inaccurate or incomplete, you can ask for it to be corrected.

Right to erasure

You may request the deletion of your personal data (Right to be forgotten) when :

  • They are no longer necessary for the purposes for which they were collected.
  • You withdraw your consent and there is no other legal basis for processing.
  • Your data has been processed unlawfully. We will proceed with the deletion unless their retention is required by a legal obligation.

Right to object

You have the right to object to the processing of your personal data, in particular where it is based on legitimate interests. If you exercise this right, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing which override your rights and freedoms.

Right to withdraw consent

Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

9. Use of Cookies and Management of External Links

Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience on our website, analyse site usage and offer you relevant advertising. You can manage your cookie preferences via your browser settings. For more information, please consult our page dedicated to cookies. Cookies.

Links to third-party sites

Our site may contain links to other sites not managed by Berney Associés. We are not responsible for the privacy practices of such external sites.

In the course of our activities, your personal data may be transferred to countries outside Switzerland and the European Economic Area (EEA). We ensure that these transfers are carried out in compliance with the applicable laws and that adequate protection measures are in place.

10. Final provisions

Changes to the policy

We reserve the right to modify or add to this document at any time. Personal data protection policy, At our sole discretion, we may, at any time and without prior notice, amend our website to take account of regulatory changes. Any changes will be posted on our website with the updated revision date. We encourage you to visit this page regularly to stay informed about how we protect your information.

Responsible entity and contact

We are responsible for processing data in accordance with this data protection policy, unless otherwise specified.

General enquiries about data protection can be sent to us by e-mail to :  dpo@berneyassocies.com or by post to the attention of the Data Protection Officer at the following address

Berney Associés

Rue du Nant 8

1207 Geneva, Switzerland

For questions concerning a specific person, requests for rectification or a request for deletion, a copy of the identity card or passport identifying the user must also be attached.

Berney Associés is committed to protecting the confidentiality and security of your personal information. Please contact us if you have any concerns or questions about how we handle your personal data.