Privacy Statement

Table of contents

1. Controller and content of this privacy policy

Oneconsult International AG operates the website www.oneconsult.com (hereinafter “website”) and, unless otherwise stated, is responsible for the data processing listed in this privacy policy.

A detailed list of locations can be found in our legal information.

Please take note of the information below to know what personal data we collect from you and for what purposes we use it. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Data Protection Act (FADP), as well as the EU General Data Protection Regulation (EU-GDPR), the provisions of which may be applicable in individual cases.

Please note that the following information may be reviewed and amended from time to time. We therefore recommend that you consult this privacy policy regularly. Furthermore, other companies are responsible under data protection law for individual data processing operations listed below or are jointly responsible with us; in these cases, the information provided by these providers is relevant.

2. Contact person for data protection queries

If you have any questions about data protection or wish to exercise your rights, please reach out to our data protection contact by sending an email to: dataprivacy@oneconsult.com

3. Log file data

When you visit our website, the servers of our hosting provider (Nine Internet Solutions AG, Badenerstrasse 47, 8004 Zurich, Switzerland) temporarily store every access to a log file. The following data is collected without your intervention and stored until it is automatically deleted by us:

  • the IP address of the requesting computer,
  • the date and time of access,
  • the name and URL of the accessed file,
  • the website from which the access was made, if applicable with the search word used,
  • the operating system of your computer and the browser you use (incl. type, version and language setting),
  • Device type in case of access by mobile phones,
  • the city or region from where the access was made,
  • the name of your Internet access provider.

The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability as well as for error and performance analysis and enables us to optimise our website (cf. on the last points also section 10).
In the event of an attack on the network infrastructure of the website or a suspicion of other unauthorised or abusive website use, the IP address and the other data will be evaluated for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned.
Our legitimate interest in data processing within the meaning of art. 6(1)(f) EU-GDPR lies in the purposes described above.
When you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details on this in the subsequent sections of this data protection declaration, in particular Section 9.

4. Contacting us (e.g. reporting a cyber incident, email, phone, etc.)

If you contact us via our contact addresses and channels (e.g. by email or telephone), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your email address or telephone number and your request will be processed. In addition, the time of receipt of the request is documented.

We process this data exclusively in order to process your request (e.g. support in the event of a cyber incident, provision of information about a service, support in the execution of a contract, inclusion of your feedback in the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the processing is necessary for the implementation of the required measures within the meaning of art. 6(1)(b) EU-GDPR.

5. Contact us via our contact form

If you contact us via our contact form, your personal data will be processed. The following data is collected in the process. Mandatory data is marked with an asterisk (*) in the contact form:

  • Salutation
  • First name*
  • Surname*
  • Email address*
  • Phone*
  • I am interested in
  • Message

We process this data exclusively in order to implement your request (e.g. providing information about a service, support in processing a contract, incorporating your feedback in improving our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the data processing is necessary for the preparation and execution of said contract according to art. 6(1)(b) EU-GDPR.

6. Webinar registration

If you register for a webinar via the website, your personal data will be processed. The following data will be collected. Mandatory data is marked with an asterisk (*) in the registration form:

  • Salutation*
  • Surname*
  • First name*
  • Email*
  • I would (not) like to receive the newsletter

We process this data exclusively in order to process your registration for the webinar and to conduct the webinar. The legal basis for this data processing is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in conducting the webinar

7. When applying for a vacancy

If you apply spontaneously via our website or via a corresponding email address for a specific job advertisement, your personal data will be processed. We collect the data that you voluntarily provide to us, such as your CV, references, diplomas, etc.

We use this data, which you have provided voluntarily, to review your application. Application documents of unsuccessful applicants are deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to retain them for a longer period.

In addition, you can arrange a telephone appointment with us if this is provided for the advertised position. The data you have provided us with will be processed. To arrange a telephone appointment, we use a tool from Calendly LLC. Therefore, your data will be stored in a database of Calendly LLC, which may allow Calendly LLC to access your data if this is necessary for the provision of the software and for support in the use of the software.

The legal basis for the processing of your data for this purpose is therefore the execution of a contract (precontractual phase) in accordance with art. 6(1)(b) EU-GDPR.

8. Use of your data for marketing purposes

8.1 Central data storage and analysis in the CRM system

If it is possible to clearly identify you, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contact details, your contract details and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data and allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts. We use a tool from Vertec AG (Weststrasse 75, 8003 Zurich) for this purpose. The legal basis for this data processing is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in the efficient management of user data.

We evaluate this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible, interests and future orders based on your website use. The legal basis for this data processing is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in carrying out marketing measures.

8.2 Email marketing and newsletters

When you register for our email newsletter, the following data is collected. Mandatory data is marked with an asterisk (*) in the registration form:

  • Salutation*
  • First name*
  • Surname*
  • Email address*
  • Oneconsult may contact me*

In order to avoid misuse and to ensure that the owner of an email address has actually given their consent themselves, we use the so-called double opt-in for registration. After sending the registration, you will receive an email from us containing a confirmation link. To definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and our newsletter will not be sent to this address.

By registering, you consent to the processing of this data in order to receive messages from us about our company, our offers and related products and services. The collection of the salutation and name allows us to personalise the content of the mails.

We will use your data for email distribution until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link in all our marketing emails.

Our marketing emails may contain a so-called web beacon or 1×1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information on which addresses have not yet received the email, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the email, for how long and which links they have clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise the promotional emails in terms of frequency, timing, structure and content. This allows us to better tailor the information and offers in our emails to the individual interests of the recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set the parameters of your email program so that HTML is not displayed in messages if this is not already the case by default. Please refer to the help sections of your email software for information on how to configure this setting, e.g. here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of art. 6(1)(a) EU-GDPR.

We use the email marketing software Mailchimp from The Rocket Science Group, LLC (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA) for marketing emails. As a result, your data is stored in a Mailchimp database, which allows Mailchimp to access your data as necessary to provide the software and to assist you in using the software. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1)(f) EU-GDPR in the use of third-party services.

9. Cookies

Cookies are information files that your web browser stores on your computer’s hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary, i.e. “technically required”, for your desired use of the website. For example, we use cookies to be able to identify you as a registered user after logging in, without you having to log in again each time when navigating the various sub-pages. Furthermore, cookies also perform other technical functions required for the operation of the website, such as so-called “load balancing”, i.e. the distribution of the performance load of the page to different web servers in order to relieve the servers. Finally, we also use cookies as part of the design and programming of our website, for example to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in providing a user-friendly and up-to-date website.

Most internet browsers automatically accept cookies. However, when accessing our website, we ask you for your consent to the cookies we use that are not technically necessary, especially when using cookies from third-party providers. You can use the corresponding buttons in the cookie banner to make your desired settings. Details of the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this data protection declaration.

You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers.

Deactivating cookies may mean that you cannot use all the functions of our website.

10. Tracking and web analysis tools

10.1 General information on tracking

For the purpose of demand-oriented design and continuous optimisation of our website, we use the web analysis services listed below. In this context, pseudonymised usage profiles are created and cookies are used (please also refer to section 9). The information generated by the cookie about your use of this website is usually transferred together with the log file data listed in section 3 to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (the measures which guarantee an appropriate level of data protection are mentioned in section 13).

By processing the data, we obtain the following information, among others:

  • Navigation path followed by a visitor on the site (incl. content viewed and services selected or purchased),
  • Visiting time on the website or sub-page,
  • the sub-page on which the website is left,
  • the country, region or city from where access is made,
  • End device (type, version, colour depth, resolution, width and height of the browser window) and
  • Returning or new visitor.

On our behalf, the provider will use this information to evaluate the use of the website, to compile reports on website activities for us and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these internet pages. For these processing operations, we and the providers may be considered joint data controllers up to a certain extent.

The legal basis for this data processing with the following tools is your consent within the meaning of art. 6(1)(a) EU-GDPR. You can revoke your consent or refuse processing at any time by rejecting or deactivating the relevant cookies in your web browser settings (see section 9) or by making use of the service-specific options described below.

For the further processing of the data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the respective data protection information of the provider.

10.2 Google Analytics

We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”).

In the process, the data described about the use of the website may be transmitted to the servers of Google LLC. in the USA for the processing purposes explained (see section 10.1) may be transmitted to the servers of Google LLC. in the USA. The IP address is shortened by activating IP anonymisation (“anonymizeIP “) on this website before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Users can prevent the collection of the data generated by the cookie and related to the website use by the user concerned (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en . Further information on data protection at Google can be found here .

10.3 Google Tag Manager

On our website, we use the Google Tag Manager from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). Google Tag Manager is a solution with which marketers can manage website tags via an interface. The Tag Manager tool is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn collect personal data. Google Tag Manager does not access this data, according to Google. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. You can prevent the setting of tags at any time.

The legal basis for processing the data for this purpose is our legitimate interest according to art. 6(1)(f) EU- GDPR.

11. Social media

11.1 Social media profiles

On our website, we have included links to our profiles in the social networks of the following providers:

  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland,
  • Twitter Inc. with its registered office at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,
  • Xing of XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.

When you click on the icons of the social networks, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link.

If you click on a link to a network while you are logged into your user account with the network concerned, the content of our website may be linked to your profile so that the network can assign your visit to our web-site directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please therefore note the information on the network’s website.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in the use and promotion of our social media profiles.

11.2 Social Media Plugins

On our website, you can use social plugins from the providers listed below:

  • Meta Platforms Inc. (formerly Facebook), 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy,
  • Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, Privacy Notice,
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy,
  • XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany, Privacy Policy.

We use the social plugins to make it easier for you to share content from our website. The social plugins help us to increase the visibility of our content on social networks and thus contribute to better marketing.

The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when you simply call up our website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the networks’ servers. Only when you activate the plugins and thus give your consent to the transmission and further processing of data by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by it. This provides the respective provider with the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually in the USA) and stored there. We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can be considered jointly responsible with the providers up to a certain extent.

If you are logged in to the social network, it can assign your visit to our website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g. that you like a post of ours) may also be published on the social network and possibly displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and designing the respective offer in line with requirements. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and setting options for protecting your privacy, can be found directly in the data protection information of the respective provider.

If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. Your consent within the meaning of art. 6(1)(a) EU-GDPR forms the legal basis for the data processing described. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in their data protection information.

11.3 Contact via LinkedIn Lead Gen Forms

We use the LinkedIn Lead Gen Forms service to contact interested parties and acquire new customers. You can contact us via predefined forms on LinkedIn. The personal data you enter is collected, stored and transmitted to us by LinkedIn. This includes your name, email address and mobile or landline phone number. We use this data to contact you and to send you information about our services and products. We process this data to inform you about our products and to communicate with you. The legal basis for the processing is your consent given by sending the forms in accordance with Art. 6 para. 1 lit. a GDPR. Note: You can revoke your consent at any time for the future. To do so, please contact us through the address above.

We will delete your data transmitted in this way two years after our last contact. If there are no legal retention periods to the contrary, the data will be deleted. On LinkedIn, the personal data generated in this way is automatically deleted after 90 days at the latest. For more information on how LinkedIn uses your data, please refer to LinkedIn’s privacy policy. The data processing takes place within the framework of joint responsibility within the meaning of Art. 26 GDPR between LinkedIn and us. You can find the joint agreement here.

12. Disclosure to and access by third parties

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you, i.e. for example providers that we use for order processing. The legal basis for these disclosures is the necessity for the fulfilment of the contract within the meaning of art. 6(1)(b) EU-GDPR.

Furthermore, we may transfer your data to companies affiliated with us (see imprint ). The legal basis for this data transfer is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in uniform data management within the group.

Moreover, data is passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also explicitly mentioned in this privacy policy. These are, for example, IT service providers (such as providers of software solutions) or other consulting companies. Our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in the procurement of third-party services forms the legal basis for this data transfer.

In addition, your data may be disclosed, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of art. 6(1)(f) EU-GDPR in safeguarding our rights and complying with our obligations or the sale of our company.

13. Transfer of personal data abroad

We are also entitled to transfer your personal data to third parties abroad, insofar as this is necessary to carry out the data processing mentioned in this data protection declaration. In doing so, the legal provisions on the disclosure of personal data to third parties will of course be complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements that your data is adequately protected at these companies.

14. Your rights

Provided that the legal requirements are met, you have the following rights as a person affected by data processing:

Right of access:
You have the right to request access to your personal data stored by us at any time and free of charge when we process it. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations.

Right to rectification:
You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.

Right to deletion:
You have the right to have your personal data erased under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.

Right to restrict of processing:
You have the right to request that the processing of your personal data be restricted.

Right to data transfer:
You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.

Right to object:
You can object to data processing at any time, especially for data processing in connection with direct advertising (e.g. advertising emails).

Right of withdrawal:
In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revocation.

To exercise these rights, please send us an email to the following address: dataprivacy@oneconsult.com

Right of complaint:
You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.

15. Data security

We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary for the fulfilment of their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and even we cannot provide an absolute guarantee for the security of information transmitted in this way.

16. Retention period

We only store personal data for as long as is necessary to carry out the processing explained in this privacy policy within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data arise from the provisions on accounting and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data is deleted as soon as there is no longer any obligation to retain it and no longer any legitimate interest in retaining it.

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

QR_CSIRT_2022_EN@2x
Add CSIRT to contacts