Protecting your privacy is very important to us.
For this reason, we collect and process your data in accordance with the statutory provisions of the Swiss Data Protection Act (DPA) and now specifically under the EU General Data Protection Regulation (EU GDPR) as well. The information set out below gives you an overview of how we process your personal data and your rights based on the data protection legislation.
1. Who is the data controller and to whom can I contact?
The controller is
Top Fifty AG
You can reach us at
Tel.: +41 (0)41 412 02 02
E-mail address: email@example.com
2. Which sources and data do we use?
Top Fifty AG (Top Fifty) collects personal data directly from you. When we do so, we only record the personal data that are necessary for the respective contractual purpose (principle of data minimisation) or that we have voluntarily received from you as part of our business relationship. Top Fifty collects and processes:
- applicant data such as name, address, other contact data (telephone, e-mail address), date/place of birth, gender, nationality, civil status;
- data on your professional background (including school and university education, work references, recommendation letters, other qualifications etc.);
- details on consent in marketing and communication, use of your e-mail address or telephone number by Top Fifty to create profiles and presentations.
You normally provide us with these data at the beginning with your enquiry (e.g.: registration in our network). In certain cases however, we may receive personal data from third parties.
During contract negotiations and the business relationship, particularly through personal, telephone or written contact that is initiated by you or by us, more personal data are created, e.g. information about contact channel, date, event and result, (electronic) copies of written correspondence as well as information about participation in direct marketing measures.
3. For what purposes are the data processed and what is the legal basis for this?
We collect and process your data for the following purposes:
- to conclude a contract, perform a contract and for customer management;
- for information about Top Fifty services;
- to broker vacant management or VP level positions for interim managers;
- to fulfil statutory obligations or official requirements.
We process the personal data outlined above in line with the provisions of the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).
We do so regularly to fulfil contractual obligations we have taken on for you (Article 6 (1) (b) EU GDPR).
If necessary, we process your data in a way that goes beyond the actual performance of the contract for the purposes of the legitimate interests pursued by us or third parties (Article 6 (1) (f) EU GDPR), such as asserting legal claims and defending legal conflicts or preventing offences.
If you have given us your consent to process personal data for specific purposes, such as recording your application data in our applicant database or passing on your application data to potential interested parties, the legitimacy of this processing is based on your consent (Article 6 (1) (a) EU GDPR). You may withdraw your consent at any time. This also applies to the withdrawal of declarations of consent that were given to us before the effective date of the EU GDPR, i.e. before 25 May 2018. Please note that withdrawal only applies to the future. Processing that took place prior to withdrawal is not affected by this.
4. Who can be a recipient of personal data?
Your personal data are collected by Top Fifty. Its IT systems save all the data required to perform a contract and for customer management purposes. Within Top Fifty, departments gain access to your data so that we can fulfil our contractual and statutory obligations.
In order to provide our contractual services, Top Fifty uses selected service companies that receive access to your data to the required extent and may use these solely to fulfil the assignments that we place with them.
Possible data recipients are therefore
- potential interested parties for applicants with vacant management positions;
- IT service and consultancy companies;
- external service providers;
- management consultancies as well as accounting and tax audit companies;
- government bodies, including fiscal authorities.
In the event of any payment default, we reserve the right to transfer your data to collection agencies or lawyers for recovery purposes.
All service companies that we engage are checked for their data privacy standards before we place assignments with them and they are obliged to comply with statutory data protection provisions. We do not pass on data to third parties that we engage for any other purposes, unless we are entitled or obliged to do so by law or you have first given us your consent to do so.
5. Are personal data transferred to a third party country or to an international organisation?
Data transfers to countries outside Switzerland and the EU or EEA (third party countries) only occur if this is necessary to fulfil the contractual obligations we have towards you, if this is prescribed by law (e.g. tax reporting obligations), if you have given us your consent to do so or for contract data processing (e.g. SeniorManagementWorldwide). If we engage service providers in a third party country, then in addition to written instructions through the agreement of EU standard contract terms, they are also obliged to comply with the level of data protection in Europe.
6. How long are personal data saved for?
Top Fifty saves your data for the period of the existing business relationship with you and if there is a legitimate interest beyond the duration of the business relationship.
We process and save your personal data for as long as this is necessary for us to fulfil our contractual and statutory obligations. In doing so, it should be noted that our business relationship is a continuing obligation that extends over several years. If the data are no longer required to fulfil contractual or statutory obligations, these are regularly deleted unless their time-limited further processing is required for the following purposes:
- complying with storage periods under commercial and tax law. These prescribed periods on storage and documentation range from six to ten years.
- receiving evidence under statute of limitation provisions that may be up to 30 years according to statutory principles, with the standard statute of limitation being three years.
7. What rights do I have under the EU GDPR as a data subject?
Every data subject has a
- right of access under Article 15 EU GDPR
- right to rectification under Article 16 EU GDPR
- right to erasure under Article 17 EU GDPR
- right to restriction of processing under Article 18 EU GDPR
- right to object under Article 21 EU GDPR, and
- right to data portability under Article 20 EU GDPR.
Under the right of access and erasure, potential restrictions apply pursuant to the Swiss Data Protection Act (DPA). There is also a right to lodge a complaint with a data protection supervisory authority (Article 77 EU GDPR).
Consent given for the processing of personal data may be withdrawn from us at any time. This also applies to the withdrawal of declarations of consent that were given to us before the effective date of the EU GDPR, i.e. before 25 May 2018. Please note that withdrawal only applies to the future. Processing that took place prior to withdrawal is not affected by this.
8. Do you have an obligation to provide personal data?
As part of our business relationship, you must provide personal data that are required for the establishment, implementation and termination of a business relationship and for fulfilment of the related contractual obligations or that we are legally obliged to collect. Without these data, we will normally have to refuse to conclude the contract or execute the assignment or can no longer perform an existing contract or have to terminate it.
9. Is there automated decision-making?
We do not on principle use wholly automated decision-making under Article 22 EU GDPR in order to establish and implement the business relationship.
As at: May 2018