Cookies & Privacy Policy

1. Data controller

Welcome to Cosar GmbH, a company registered in Switzerland with company number CH-020.4.028.431-5 and having its office at Via Nouva 8, 7503 Samedan, Switzerland (collectively “Cosar”, “'we”, “us” and “our” etc.), which is responsible for your personal data.

We are a business advisory firm to companies in various sectors. We provide services, including, but not limited to: (i) leadership assessment and development advisory; (ii) organizational development; (iii) talent management; (iv) board advisory; (iv) senior team development; (v) organizational design; and (vi) business development, (collectively the “Services”).

We will control the information which you provide or that we collect from you on gaining access to the following website:

www.cosar.ch (including all web pages hosted at these domains collectively “Website”).

We respect the privacy of our clients and other users of our Services (“you”, “your”) and are committed to protecting your personal data according to the applicable laws. This privacy policy (“Policy”) explains how, to what extent and for what purposes we are collecting and subsequently processing your personal data when you use our Website and Services as well as what are your rights with respect of processing of the personal data.

For the purpose of this Policy, the data controller of personal data is Cosar.

Until such time as any changes are made to the legal status of the local law on data protection of the Canton of Grisons and the Swiss Federal Act on Data Protection (FADP), this Policy shall also apply to legal entities to the extent that the IDG or FADP is applicable.

Please find our contact details indicated in the ”Contact details” section at the end of the Policy.

2. Purpose and legal basis for processing of personal data

We process your personal data in accordance with the provisions of the local law on data protection of the Canton of Grisons, the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR) to the extent that their corresponding regulations are applicable.

When processing personal data in accordance with the local law on data protection of the Canton of Grisons or FADP, we rely on, in particular, principles of lawfulness, fairness (good faith), proportionality, transparency, purpose limitation, accuracy, informed consent and data security. Where the GDPR is applicable, we list individually the legal basis of the processing.

The purposes for which we process your personal data and the corresponding legal basis are presented in the table set out in Appendix 1.

Our Services are intended to be used by only adults. Neither do we want to, nor do we collect information pertaining to children. If you believe that your child may have provided us with its personal information, please contact us using the contact details provided in “Contact details” section below so we can will delete such data, subject to the applicable law and this Policy.

3. Data security

We use appropriate technical and organizational measures and safeguards designed to help prevent unauthorized access, unlawful processing, and unauthorized or accidental loss of your personal data. This includes, for example, the encryption of your communication with us over the Website based on the Secure Sockets Layer (SSL) protocol.

4. Data subject’s rights

You have the following rights:

• to request to receive access to your personal information to the extend and within time limit provided for in applicable law;
• to request the rectification of your incorrect personal data;
• to request the deletion, destruction or anonymization of your personal data;
• to request to receive a copy of  the personal data in a commonly used electronic format or to transfer such data to another controller;
• to object (opt-out) to the automated decision-making to the extent provided for in applicable law;
• to object (opt-out) to the processing of your personal data.

If the GDPR is applicable, you have the following rights:

• to obtain from us confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data to the extend provided for in the applicable law (Article 15 of the GDPR);
• to obtain from us the rectification of your inaccurate personal data (Article 16 GDPR);
• to obtain from us the erasure of your personal data (Article 17 of the GDPR);
• to obtain from us restriction of processing of your personal data to the extent provided for in applicable law (Article 18 of the GDPR);
• to receive your personal data concerning, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Article 20 of the GDPR);
• to object to processing of your personal data (Article 21 of the GDPR);
• to lodge a complaint with a competent data protection supervisory authority (Article 77 of the GDPR).

To make a respective request, please use the contact details provided in “Contact details” section below.

5. Retention Period

We may store your personal data for as long as it is necessary to fulfil our contractual and statutory obligations or for as long as we consider it necessary for the purposes for which they are being processed or our legitimate interests exist or your consent has not been revoked.

If the data are no longer necessary to fulfil contractual or statutory obligations, they are deleted on a regular basis unless there is a need to further process the data – for a limited period of time – for the following purposes:

• to comply with retention obligations under commercial and tax law, in particular the Code of Obligations (CO) and the tax laws. These laws usually specify time limits of ten years for retention or documentation.
• to preserve evidence under the statute of limitations. In accordance with Art. 127 FF of the Swiss Code of Obligations (OR), these statutes of limitation may be up to 10 years. The statute of limitation for diploma documents is 50 years.

6. Recipients

Under no circumstances your personal data (candidate information) will be used for purposes other than providing the Services for which your candidate information has been provided to us.

Your candidate information may be disclosed to:

• clients: we may disclose excerpts of your candidate information such as your professional education and employment history with particular clients in order to confirm whether such clients might be interested in you as a candidate with respect to an opening for an executive or similar management position they have informed us of. The information disclosed will be limited to what is necessary for this purpose. We will not disclose the entirety of your candidate information or otherwise introduce you to any client in detail without first obtaining a consent from you;
• consultants and staff: we may disclose your candidate information to our consultants and administrative staff for the purposes of providing the Services;
• service providers: we may disclose your personal data to third-party service providers and advisors who provide us with services, such as website hosting and professional services, including information technology services, payroll services, auditing services, consultancy services, regulatory services, and legal services in other countries;
• legal reasons: we may disclose your personal data under applicable laws, in particular, to respond to requests from competent authorities, to comply with court orders and other legal proceedings as well as to obtain legal remedies.

7. Automated decision-making

We do not use fully automated decision-making processes to establish and conduct business relationships. In the event that we should use such processes in individual cases, we will inform you accordingly to the extent prescribed by law.

8. Cookies

We use cookies information to give you relevant information when you use www. cosar.ch.

Cookies and other similar tracking technologies are small text files or code placed on your device (e.g. computer, smartphone or other electronic device) when you use our Website or open certain e-mails. Cookies are used to identify specific users and are used to improve your web browsing experience. Cookies allow a website to recognise a particular device. Cookies are not programmes and therefore cannot “do” anything on the computer. The Website may only retrieve the information that it has placed on the computer. It does not have access to any other cookie files or to any other information on the computer.

[What we use cookies for] We use cookies and other similar tracking technologies to:

• improve the functionality of the Website and to track information about how the Website are used in order to continually improve it and personalize it to user preferences;
• recognize you whenever you visit our Website (this speeds up your access to our Website as you do not have to log in each time);
• obtain information about your preferences and use of our Website;
• carry out research and statistical analysis to help improve our content and services and to help us better understand our users’ requirements;
• target our marketing and advertising campaigns and those of our affiliates more effectively by providing interest-based advertisements that are personalized to your interests; and
• make your online experience more efficient and enjoyable.

[Type of cookies and other technologies] The types of cookies we place on your device and other tracking technology we use on our Website are presented in the table set out in Appendix 2.

[Consent to use cookies] We will ask for your permission (consent) to place cookies or other similar tracking technologies on your device, except where these are essential for us to provide you with a service that you have requested.

There is a notice on our home page which describes how we use cookies and requests your consent before we place any non-essential cookies on your device.

[How to turn off cookies] If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our Website.

If you want to find out more about cookies including how to see which cookies have been set and how to manage and delete them, you should visit the third party website: www.allaboutcookies.org.

[Opt-out e-mail marketing] You can always opt-out of our marketing communications by using the “manage your preferences” link located at the bottom of our e-mail communications or you can e-mail us at info@cosar.ch.

[Updates to cookies] It may be that we will update this Policy or Appendix 2 in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons.

The date at the bottom of this Policy indicates when it was last updated

9. International transfers

Some of our service providers are located in countries outside the Switzerland and European Economic Area (“EEA”). In some cases not all of these countries have data protection laws and standards which provide an equivalent level of protection to that provided for under Switzerland or EEA law.

Should we transfer your personal data to a country outside the Switzerland or EEA which is not recognised as having an adequate level of protection for personal data by the Federal Data Protection and Information Commissioner or EU Commission (as applicable), we will put in place appropriate safeguards to protect your personal data, including by using standard contractual clauses. Such transfers may also be necessary in order to perform a contract with you or fulfil your request or through obtaining your explicit consent.

10. Complaints

If you have any questions or concerns regarding our Policy or practices, please contact us using the details provided in the “Contact details” section below.

You are entitled to different rights depending on the applicable legal basis. If the local law on data protection of the Canton of Grisons or the FADP is applicable, your rights are governed by these regulation.

If you resident in the EEA, the GDPR is applicable, and you also have the right to complain to your local data protection supervisory authority. You can find details regarding your local data protection regulator here.

11. Links

Our Website may contain hyperlinks to other webWebsite that are not operated or monitored by Cosar. These other webWebsite are not subject to this Policy and we are not responsible for their content or for their treatment of personal data as they are operated by third parties. Use of such webWebsite, including transmitting your personal data to them, will be at your own risk.

12. Amendments

We reserve right to make amendments to this Policy from time to time. We may change our business activities and/or our policies and procedures with respect to the processing of personal data. Where appropriate in these cases, we will, subject to applicable law, revise, supplement, or replace this Policy. Any changes will be posted on the Website with an updated revision date.

13. Contact details

The data controller responsible for processing is Cosar GmbH, Via Nouva 8, 7503 Samedan, Switzerland.

 

APPENDIX 1 – PURPOSES AND LEGAL BASIS FOR PROCESSING

CATEGORY OF PERSONAL DATA	HOW WE USE IT	LEGAL BASIS FOR PROCESSING
contact details (name, address, phone/mobile number, e-mail address, passport number and date of birth (if mandatory); biographical data; employment details; professional education, diplomas and certificates; information provided to evaluative measures, surveys and interviews (if applicable); sensitive personal information you might choose and explicitly consent to disclose to us; information on your personal and professional life publicly available via social media services or otherwise on the Internet, that might be important with regard to the relevant Services	To register you as a candidate.	Consent  (Art. 6(1)(a) of the GDPR) or Performance of a contract (Art. 6(1)(b) GDPR)
	To operate the databases including your candidate information that you provided us with.
	To analyze your candidate information using analytical tools and comparing the results against other candidates, including categorization of candidates through profiles developed by the software, to assist us in conducting the Services.
	To execute searches for potential candidates on behalf of our clients that have an opening for an executive or similar management position or for a board directors.
	To inform you about open executive or similar management positions potentially suitable for you.
	To manage and improve provision of the Services for our clients which may include processing of your personal data provided to us by you as part of respective assignments for our clients.	Legitimate interests (Art. 6 (1)(f) of the GDPR) It is in our and your legitimate interests to provide clients with the Services they have requested from us and that we continually improve these.
contact details; biographical data; employment details; information provided to evaluative measures, surveys and interviews (if applicable);	To carry out marketing activities to promote the Services, including conducting marketing calls and sending you personalised materials that we believe you may find interesting, such as reports, research, invitations to networking events, or information regarding our Services, publications and surveys.	Legitimate interests (Art. 6 (1)(f) of the GDPR) It is necessary in our legitimate interests to grow and develop our business.
contact details	To send you information regarding changes to our policies, other terms and other technical information.	Legitimate interests (Art. 6 (1)(f) of the GDPR) It is in our legitimate interests to ensure that any changes to our policies and terms are communicated to you so that you are aware of these.
cookies; account details; contact details	To administer the Website, including resolving technical issues, data analysis, testing, research, statistical and survey purposes.	Legitimate interests (Art. 6 (1)(f) of the GDPR) It is in our legitimate interests to continually monitor and improve our services and to ensure network security.

 

APPENDIX 2 - COOKIES LIST

Necessary cookies

These cookies are mandatory for the functioning of the website and cannot be disabled from our systems. These cookies are set for the purpose of website user response in terms of privacy settings, logging, or filling out forms. It is possible to block or alert necessary cookies, however without these cookies the Site may not work correctly.

Google	Name: _GRECAPTCHA Lifespan: 179 days Cookies used: First party	Used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website	HTTP Cookie
	Name: CONSENT / rc::a Lifespan: 2 years / Persistent Cookies used: First party / First party	Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website
Google	Name: rc::b / rc::c / rc::d-15# Lifespan: Session / Session / Persistent Cookies used: First party / First party / First party	This cookie is used to distinguish between humans and bots.	HTTP Cookie

Analytics cookies

These cookies help us to analyze the viewers interactions with Website. The information collected by us and report prepared from the collected information is anonymous.

Google	Name: _ga Lifespan: 399 days Cookies used: First party	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	HTTP Cookie
	Name: _gid Lifespan: 1 day Cookies used: First party
Google	Name: _ga_# Lifespan: 399 days Cookies used: First party	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit	HTTP Cookie
	Name: _gat Lifespan: 1 day Cookies used: First party	Used by Google Analytics to throttle request rate

Last updated: 15th February 2023