General Data Protection Policy

general data protection regulation

Dryden ICS SA is committed to respect the privacy of its clients, employees and business partners.

The purpose of this General Data Protection Policy is to describe how the personal data (hereinafter “Data”) that Dryden ICS SA collects or holds is used and to whom this Data may be disclosed.

Personal Data means any information relating to an identified or identifiable natural person. Dryden ICS SA processes Data for many purposes in the course of carrying out its business.

To the best of our knowledge and belief, the processing of Data by Dryden ICS SA complies with EU General Data Protection Regulation (“GDPR”) and is subject to the applicable data protection legislation in force in Switzerland, in particular the new Federal Act on Data Protection (hereinafter “FADP”).

Dryden ICS SA undertakes to:

  • use the Data only for the purposes indicated;
  • only collect the Data that is necessary for these purposes;
  • not keep the Data longer than is necessary for these purposes;
  • communicate the Data only to authorised bodies or persons for the purposes of service activities;
  • inform its clients in a clear and transparent manner about the use of the Data and about their rights.

 

  1. DATA CONTROLLER

Dryden ICS SA with its registered address at Avenue Blanc 47, 1202 Geneva, Switzerland is the data controller for the Data covered by this Policy.

 

  1. LEGAL GROUNDS FOR PROCESSING DATA

Data is processed based on at least one of the following lawful grounds:

  • explicit consent has been provided for Data to be processed for a specific reason;
  • processing is necessary to perform our services as agreed with clients;
  • processing is required to ensure compliance with legal obligations, such as keeping records or providing information to public authorities or law enforcement body;
  • processing is necessary for the purposes of legitimate interests, such as client relationship management, keeping clients informed about relevant information and services and business development.

 

  1. PURPOSE OF COLLECTING DATA

Data is collected for the following purposes:

  • to provide professional services, such as, but not limited to financial accounting, payroll processing, tax declarations, personal tax advisory works and pension planning;
  • to manage and develop our business, such as, but not limited to administrative tasks, invoicing, use of IT systems, marketing purposes, management of client relationships and invitations to events;
  • to manage, evaluate and improve and our Website and other communications;
  • to ensure compliance with applicable law or regulation.

 

  1. WHAT TYPE OF DATA IS COLLECTED?

Data may be collected, recorded and used in physical and electronic form. We may process Data because:

  • it has been provided to us directly by a physical person who is a client of, or has an interest in, Dryden ICS SA;
  • it has been given to us by a Corporate organisation who is a client of Dryden ICS SA, for example, an employer;
  • it is publicly available.

Data may include:

  • personal information, such as name, gender, age and date of birth;
  • contact information, such as address, email and phone numbers;
  • country of residence;
  • employment details (for example, employer and job title);
  • family circumstances (for example, marital status and dependents);
  • payroll and other financial related details;
  • income, investments and other financial related information;
  • business/employment activities;
  • education details;
  • corporate internal systems, processes & procedures;
  • IP address, browser type and language, browsing activity.

Sensitive data

Data we collect in the course of performing our services, may include “sensitive” categories. This type of data will not be collected unless it is strictly necessary for a specific reason, and it has been provided with the explicit consent of the individual. For example, health information may be required to enable the completion of an insurance indemnity claim.

 

  1. DATA PROTECTION RIGHTS

Pursuant to the FADP, any person, who is the data subject, has the following rights, in particular:

Right to information – the right to be informed about how Data is used;

Right of access – the right to obtain confirmation of Data processing and request a copy of Data;

Right to withdraw consent – where Data is processed on the basis of consent, consent may be withdrawn at any time;

Right of rectification – the right to request rectification of inaccurate or incomplete Data;

Right to restrict processing – the right to request restricting the processing of Data, if permitted by law;

Right to erasure – the right to request erasure of Data unless a legal basis or the legitimate interest of Dryden ICS SA requires or permits it to retain the Data;

Right to object to processing – right to object to the processing of Data at any time;

Right to data portability – the client has the right to request the delivery or transmission of the Data in a portable format where the processing of the Data is carried out automatically based on consent or a contract;

Right to lodge a complaint – if the client is not satisfied with the way in which the Data is processed, they may lodge a complaint with the courts or with the federal data protection authority.

The exercise of these rights is free of charge. Any request relating to the processing of Data should be made to the following address: .

 

  1. DISCLOSURE OF DATA

Dryden ICS SA may disclose Data to its employees, subcontractors, consultants, service providers and competent authorities solely in order to fulfil its duties and provide its professional services, provided that the legal conditions are met.

To protect the privacy and security of its clients, Dryden ICS SA may take reasonable steps to verify their identity before granting access or making corrections.

 

  1. TRANSFER ABROAD

Client data is only processed in Switzerland but may be transferred abroad, unless Dryden ICS SA receives a specific request from the Client not to do so.

 

  1. MARKETING

Marketing communications relating to the activities of Dryden ICS SA may be sent to existing clients, where they have opted in to receive them. Communications based on legitimate interests may be sent to prospective clients.

Marketing communications from Dryden ICS SA will always include the option for the client to unsubscribe from receiving any further marketing communications.

The client may unsubscribe at any time by sending an email to and requesting to be removed from Dryden ICS SA’s marketing lists.

 

  1. COOKIES

Dryden ICS SA uses cookies and other technologies on its website to enable the collection of certain information from client’s web browser. Cookies are widely used on the Internet. Cookies are small text files that are placed on client’s computer by websites visited. They are used to make websites work, or work more efficiently, and to provide information to the site owners.

Information may be collected about computer access, including, where applicable, IP address, operating system and browser type for system administration. This is statistical data about Dryden ICS SA’s browsing actions and patterns and does not identify any individual.

Cookies help to improve the services of Dryden ICS SA and to provide a better and more personalised service. They also help to ensure that the client has read any relevant legal information and to analyse how the Dryden ICS SA website is used.

 

  1. SECURITY

Dryden ICS SA undertakes to ensure the permanent security of the Data as far as it is able.

Dryden ICS SA shall take reasonable and appropriate measures to maintain the confidentiality and integrity of the Data and to prevent the unauthorised use or disclosure of the Data in accordance with the FADP.

This Data, including backups of the Data and Data relating to clients support activities, is hosted by Silicom SA, a subcontractor based in Switzerland.

Dryden ICS SA processes Data only in a manner compatible with the purpose for which it was collected. To the extent necessary for these purposes, reasonable steps are taken to ensure that the Data is accurate, complete, current and otherwise reliable with respect to its intended use.

 

  1. DATA RETENTION

Data is only retained as long as is necessary to fulfil the purposes for which it was collected, to meet the needs of the client and to comply with Dryden ICS SA’s legal obligations.

To establish how long the Data will be kept, Dryden ICS SA will apply the following criteria :

  • for performance of services, Data is retained for the duration of the services or service contract;
  • if the client has consented to receive marketing messages the Data will be retained until consent is withdrawn;
  • if cookies are placed on the client’s computer, Data is retained only for the time necessary to achieve the purpose for which it was collected (for example, one session for registration cookies or session identification cookies).

Dryden ICS SA may retain Data to fulfil legal or regulatory obligations, and to enable Dryden ICS SA to exercise its rights (for example to bring an action before any court) or for statistical or historical purposes. When Dryden ICS SA no longer needs to use or retain the Data, it will be deleted from its systems and files or anonymised so that the client can no longer be identified. Swiss law does however require that documentation must be held for at least 10 years and because of this, we have set out in the schedule below our documentation retention period:

SourceLegal basisArchived forComment
EmailLegitimate interest10 years *Emails for Drydens marketing events can be disactivated at any time upon request.
Personal information (e.g. bank accounts, salary)Engagement letter either with corporate client (e.g. for payroll services) or directly with individual (e.g. personal tax client)10 years *
Corporate documentsEngagement letterWithout limitCorporate documents such as signed Articles of Association, share certificates are archived and not deleted. These can be returned upon written request.
* both physical & electronic records are destroyed after 10 years (with the exception of real estate clients whose records are deleted after 20 years).

 

  1. CHANGES TO THIS POLICY

Dryden ICS SA reserves the right to modify this policy at any time.

The latest version as published on our website is the version that currently applies (dryden.ch).

 

  1. CONTACT INFORMATION

If you have any questions about data protection, you can send an e-mail to the following address:  .

 

  1. EFFECTIVE DATE

This policy has been updated 14.11.2023.