Privacy policy

General

Compensation Governance Services AG (“CGSE”) is committed to protecting your personal data in compliance with the
Swiss Federal Act on Data Protection (revDPA) and the EU General Data Protection Regulation (GDPR). This policy
informs you about what personal data is collected, how it is used, and the rights you have in relation to your data.

Controller

Compensation Governance Services AG
Industriestrasse 16
6300 Zug, Switzerland
Tel: +41 0800 228 822
Email: [email protected]

As a private controller under revDPA and GDPR, CGSE is not required to appoint a Data Protection Officer but remains
available for any questions via the above contact details.

What Personal Data Is Collected

You may provide the following personal data via our website:

  • First and last name
  • Email address
  • Function
  • Phone number

We may also collect your IP address and browser data when visiting the website. This is primarily used for system
administration and security purposes.

Legal Basis and Purpose of Processing

Your personal data is processed:

  • To respond to contact requests and enquiries
  • To send newsletters or information you explicitly subscribed to
  • To maintain client or prospective client relationships
  • To ensure the technical functioning and improvement of our website

The processing is based on your consent (Art. 6(1)(a) GDPR / Art. 31 revDPA) or, where applicable, the necessity of
processing for contractual purposes (Art. 6(1)(b) GDPR / Art. 31 revDPA).

Message (Contact Form)

When visitors leave a message in the contact form on the site, we collect the data shown in the contact form, as well
as the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to
see if you are using it. The Gravatar service privacy policy is available
here.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included.
Visitors to the website can download and extract any location data from images on the website.

Newsletters and CRM Use

We may use a CRM system to manage communications and send newsletters. Your personal data may be stored in this
system if you explicitly consent to receive marketing or information emails. You may unsubscribe at any time using
the link provided in each message.

Cookies

Our website uses cookies to improve usability and functionality. Technically necessary cookies are always active. All
other cookies require your consent, which is requested upon your first visit to the site. You can remove cookies
manually via your browser settings at any time.

If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are
for your convenience so that you do not have to fill in your details again when you leave another comment. These
cookies will last for one year.

For more information, please refer to our Cookie Policy.

Social Media Plugins

We may use LinkedIn plugins to allow content sharing. These plugins may collect your IP address and associate your
visit with your LinkedIn account if you are logged in. We are not responsible for LinkedIn’s data processing. See
LinkedIn’s Privacy Policy for more details.

Embedded Content from Other Websites

Articles on our site may include embedded content (e.g., videos, images). Such content behaves as if the user had
visited the third-party site directly, which may collect data and use cookies independently.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access,
misuse, loss, or alteration. Access to data is limited to authorized personnel and handled in accordance with
confidentiality obligations.

Retention Periods

Your data is stored only as long as necessary for the stated purposes or to meet legal and regulatory requirements.
Contact details related to newsletters are retained until you unsubscribe. Operational data (e.g., logs) is generally
deleted within 12 months unless longer retention is justified by legal or contractual necessity.

Your Rights

You have the following rights, subject to applicable law:

  • Access: Request a copy of your stored personal data
  • Rectification: Correct inaccuracies in your data
  • Erasure: Request deletion of your data (subject to legal retention obligations)
  • Objection: Withdraw consent or object to certain data uses
  • Data portability: Receive a copy of your data in a structured format (GDPR only)

To exercise these rights, please send your request along with proof of identity to:
[email protected]

International Data Transfers

If data is transferred to countries without adequate data protection, we ensure appropriate safeguards, such as
Standard Contractual Clauses, are in place.

Changes to This Policy

This Data Protection Policy may be updated from time to time. The version published on this website is the applicable
one. We recommend reviewing this policy regularly.

Scroll to Top