Version effective as of December 15, 2022.
With this Privacy Notice we, Dr. Bjørn Johansson Associates AG, on behalf of ourselves and our affiliates (together “BJA“, “we” or “us“), describe what we do with your data when you use our website www.johansson.ch (“website“), obtain services or products from us, interact with us, communicate with us, or otherwise deal with us. This Privacy Notice is not necessarily a comprehensive description of our data processing. It is possible that other privacy notices, consent forms, terms and conditions or similar documents are applicable to specific circumstances.
The term “personal data” in this Privacy Notice means any information that identifies, or could reasonably be used to identify any person.
If you provide us with personal data of other persons (such as family members, co-workers etc.), we assume that you are authorized to do so, and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.
This Privacy Notice is aligned with the EU General Data Protection Regulation (“GDPR“), the Swiss Data Protection Act (“DPA“) and the revised Swiss Data Protection Act (“revDPA“). However, the application of these laws depends on each individual case.
Controller / Representative
The “controller” of data processing as described in this Privacy Notice is Dr. Bjørn Johansson Associates AG (unless we have informed you differently in certain cases). You can notify us of any data protection related concerns using the following contact details:
Dr. Bjørn Johansson Associates AG
+41 44 262 02 20
Collection and Processing of Personal Data
We primarily process personal data that we directly obtain from you in your capacity as candidate, client, referee or other individual or business partner in the context of our business relationship with you or that we collect when you use our website and other applications. You are generally not obliged or required to disclose data to us. However, if you wish to enter into contracts with us or use our services, you must also provide us with certain data as part of your contractual obligation and/or in order for us to provide our services.
In addition, and insofar as it is permitted to us, we also process certain personal data obtained from publicly accessible sources (e.g., commercial register or other public registers, press, internet, social media etc.), from authorities or other third parties (such as agencies specializing in background checks, referees etc.).
The categories of personal data that we process include, but are not limited to:
- personal details, such as given name(s), preferred name, photograph, employment history, education history, degrees, other qualifications or skills, and any other typical curriculum vitae content;
- demographic information, such as gender, date of birth / age, nationality, visa information, salutation, title(s) and language preferences;
- contact details, such as correspondence address, telephone number, email address and details of public social media profile(s);
- information in connection with your professional role and activities (e.g., job title and role / function, salary and compensation data, performance reviews and disciplinary information) including employer details (e.g., the name, address, telephone number and email address of the employer and relevant references);
- views and opinions that you publicly made or third party views and opinions regarding the suitability of a candidate for a particular role within a client’s organization;
- social media presence and activity;
- records of any contact with us, including consents you may have given, together with the date and time, means of communication and any related information;
- records of compliance with relevant policies, procedures, standards and guidelines;
- credit rating information (if we conduct business activities with you personally);
- data in connection with your use of our website (e.g., IP address, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localization data etc.);
- behavioral and preference data, such as records of your interactions with our online advertising and content, or advertising and content displayed on pages displayed to you, and any interactions you may have had with such content or advertising.
Purpose of Data Processing and Legal Grounds
We primarily use collected data to conclude and process contracts with our clients and business partners, in particular to provide board and executive search and assessment services, leadership consulting services and related advisory services, as well as to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as candidate, referee, client or business partner or as (current or future) employee of such a client or business partner.
In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties’) legitimate interest, such as:
- providing, developing and improving our products and services as well as the website or other platforms, on which we are active;
- communication with third parties and processing of our or their requests;
- fulfilling our compliance obligations, including ‘Know your Client’ checks, confirming and verifying your identity and screening against government and/or law enforcement agency sanctions lists or other legal restrictions;
- advertisement and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our client base and you receive our advertisement, you may object at any time by contacting us at the address provided in Section 1 above and we will unsubscribe you from our promotional mailing list);
- market and opinion research, media surveillance;
- exercising legal rights, asserting legal claims and defense in legal disputes and official proceedings;
- prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
- ensuring our operation, including management of our communication systems, our IT, our website and other appliances;
- video surveillance to protect our domiciliary rights and other measures to ensure the health and safety of our premises and facilities as well as protection of our employees and other individuals and assets owner by or entrusted to us (such as e.g. access controls, visitor logs, network and mail scanners, telephone recordings);
- acquisition and sale of business divisions, companies or parts of companies and other corporate transactions and the transfer of personal data related thereto, as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of BJA.
If you have given us your consent to process your personal data for certain purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
Cookies / Tracking and Other Techniques Regarding the Use of our Website
We typically use “cookies” and similar techniques on our website, which allow for an identification of your browser or device.
We may also use Google Analytics or similar services on our website. These are services provided by third parties, which may be located in any country worldwide (in case of Google Analytics Google LLC located in the United States; www.google.com) and which allow us to measure and evaluate the use of our website (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. Although we assume that the information we share with the service provider is not personal data, it may be possible that the service provider may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the service provider accounts of these individuals for its own purposes. If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the respective website (but not any personal information of you).
Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Most browsers are preset to accept cookies. If you block cookies, it may impact your experience on our website and it is possible that certain functions (such as, e.g., language settings) are no longer available to you.
In addition to, or in combination with, cookies we may also use web beacons (or clear GIFs) and other similar technologies. A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website or in an email and that helps us to understand the behavior of visitors of our website. You may disable this in your browser settings or in your e-mail program.
More information on cookies and web beacons, including information how to manage cookies, can be found at http://www.allaboutcookies.com. Please note that this is an unaffiliated third-party website, and that we are therefore not responsible for its content.
Data Transfer and Transfer of Data Abroad
In the context of our business activities and in line with the purposes of the data processing set out in Section 3, we may or may need to transfer data to third parties (insofar as such a transfer is permitted and we deem it appropriate) in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may be concerned (together “Recipients“):
- clients, dealers, suppliers, subcontractors and other business partners;
- accountants, auditors, lawyers and other outside professional advisors of us;
- service providers and processors (such as payment services providers or IT providers);
- legal and regulatory authorities, upon request or for the purpose of reporting any actual or suspected breach of applicable law or regulation;
- domestic and foreign authorities, courts or other parties in possible or pending legal proceedings;
- any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against the prevention of threats to public security;
- acquirers or parties interested in the acquisition of all or parts of our business or assets;
- affiliates of BJA.
Due to the international nature of our business, certain Recipients may be within Switzerland, but they may be located in any country worldwide. You must anticipate your data to be transmitted to any country in which our clients, their affiliates or business partners, as well as service providers or experts consulted are located, in particular countries in Europe as well as the USA.
If we transfer data to a Recipient, the Recipient will be subject to binding contractual obligations to (i) only process the data in accordance with our prior written instructions and (ii) use measures to protect the confidentiality and security of the data, together with any additional requirements under applicable law. If a Recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (on the basis of the European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the Recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply, for example, in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has generally been made available by you and you have not objected against the processing.
Retention Periods for your Personal Data
We process and retain your personal data as long as necessary for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e., for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against us or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).
We have taken appropriate technical and organizational measures designed to protect your personal data from unauthorized access, misuse, destruction, loss or alteration.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your personal data, we cannot guarantee the security of the data transmitted to us using the internet (including e-mail). We are not responsible or liable for the security of your data whilst in transit via the internet. Any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us is sent securely.
Obligation to Provide Personal Data To Us
In the context of our business relationship you must provide us with certain personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations (as a rule, there is no statutory requirement to provide us with data). Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website may not be used unless certain information is disclosed to enable data traffic (e.g., IP address).
We may automatically evaluate personal aspects relating to you (profiling) based on your data for the purposes set out in Section 3, where we wish to determine preference data, but also to detect misuse and security risks, to perform statistical analysis or for operational planning. If we do so, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. Where profiling can produce legal effects concerning you or similarly significantly affect you, we generally ensure human review.
In accordance with, and as far as provided by, applicable law (as is the case where the revDPA or the GDPR is applicable), you have the right:
- not to provide personal data to us (however, please note that in such case, we may not be able to provide you with the full benefit of our services);to request information from us as to whether and what data we process from you;
- to have us correct data if it is inaccurate;
- to request erasure of data;
- to request restriction of processing or to object to our data processing;
- to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller (data portability);
- to withdraw consent, where our processing is based on your consent;
- to receive, upon request, further information that is helpful for the exercise of these rights.
If you wish to exercise the above-mentioned rights, please contact us at the address provided in Section 1 above. In general, exercising these rights requires that you can prove your identity (e.g., by a copy of identification documents, if your identity is not evident otherwise or can be verified in another way). If exercising certain rights will incur costs on you, we will notify you thereof in advance.
Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law and that we reserve the right to invoke or enforce such conditions, exceptions or restrictions, for example, to protect third parties or trade secrets or if we are obliged to retain or process certain data or need the data for asserting claims. Please further note that the exercise of these rights may conflict with your contractual obligations and may thus result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
In addition, you have the right to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch). You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en.
Amendments of this Privacy Notice
We may amend or update this Privacy Notice at any time without prior notice. The current version published on our website applies. If the Privacy Notice is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.