Supplier Shield logo vendor risk management solution

Privacy Policies

Please read this privacy and cookie policy carefully before using Supplier Shield website operated by Abilene Advisors SA.

Data protection declaration


By this data protection declaration, we inform you about the personal data that we process in the course of our business, including our different sites web,, We inform you in particular of the object, in the manner and at the place of the processing of personal data. We inform you about the rights of people which we process data.

We are subject to the Swiss Federal law on Data Protection (FADP), as well as, if applicable, to the foreign law applicable in respect of data protection, in particular that of the European Union (EU) with the general regulation on data protection (RGPD). The European Commission acknowledges that the Swiss law of data protection ensures adequate protection of the data.

2.Data protection declaration

2.1 Contact address

Henri Haenni (DPO) :

Abilene Advisors

Rue de la Gare 39

1110 Morges


2.2 Definitions

Personal data are defined as: any information relating to an identified or identifiable natural person (“data subject”) ; an identifiable person is one physical who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online id or to one or more factors specific to the physical identity, physiological, genetic, mental, economic, cultural or social aspects of the individual.

Means for processing any operation or set of operations performed or not with the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, diffusion or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.”

The European Economic Area (EEA)includes the member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The general regulation on data protection (RGPD) refers to the processing of personal data-processing of personal data.

3.What data do we process your topic ?

We collect the following data directly from you. The content of the data processed by Abilene Advisors will be detailed in the registry's activities of treatment :
  • Identity (first name, last name, date of birth, gender). These data are retained for 10 years after the end of the contractual relationship, for legal reasons or for the purposes of evidence in the pending expiration of the applicable limitation periods.
  • Contact details (postal address, e-mail address, phone number). These data are stored for 10 years after the end of the contractual relationship, for legal reasons or for the purposes of evidence in the pending expiration of the applicable limitation periods.
  • Billing (amount and maturity of invoices, reminders, documents). These data are stored for 10 years after the end of each accounting period, in accordance with art. 958f CO.
  • Correspondence (e-mail exchanges, accounts, records of telephone calls, postal mail). These data are stored for 10 years after the end of the contractual relationship, for legal reasons or for the purposes of evidence in the pending expiration of the applicable limitation periods.
  • Technical data (IP address, MAC address, timestamp). These data are kept for 12 months after it has been collected for technical reasons and security of our computer facilities.

4.For what purposes do we process your data?

We treat your personal data in order to:
  • enter into contractual relationships and to perform them in accordance with the provisions laid down in the contracts;
  • communicating with you via any means of communication appropriate to answer your questions about our services, provide you with our services and our help, and record complaints and claims;
  • to send you commercial communications or promotional (marketing) through the channels selected by you, if applicable, conduct a profiling combining different personal data in order to better understand your interests and preferences among our products and services ; some treatments for marketing purposes involve the communication of your data to contractual partners ; you can in the time you object to processing for marketing purposes;
  • communicate your data to our partners for them to contact you, if your prior consent ;
  • improve our services, our products and our business through market research and customer satisfaction surveys ;
  • planning our business activities ;
  • the production of statistics ;
  • verify that our operations are in compliance with the applicable legislation and our internal regulations ;
  • risk analysis, detect abuse, put in place security measures and control that these measures are effective ;
  • respond to your questions and requests related to data protection, in particular when you wish to exercise any of your rights provided for by the legislation.

5.What legal basis is used for the treatment of your data?

Most of the treatments that we use are strictly necessary for the conclusion, execution and liquidation of contracts with you. Without these treatments, we can not guarantee that the services that we are committed to provide by virtue of the contracts.

Other treatments based on our legitimate interest or that of a third party. This is the case in particular for the treatment for marketing purposes, security, statistics and market research. The same goes for the defense of our interests in justice and the management of disputes, especially those who do not have a contractual basis.

Some treatments may be required by the laws of switzerland or abroad. If they are not directly imposed by the law, they will be based on our legitimate interest to comply with the legal provisions that are applicable.

Your consent will also serve as the basis when it is necessary (e.g., for certain treatments for marketing purposes). In this case, we will inform you specifically treatments that require your consent, and will remain free to give it or not. We will let you know what the consequences are if you refuse to provide your consent. When you give your consent, you are free to withdraw it at any time, without justification and in a simple way. The withdrawal is for the future and does not affect retroactively treatments carried out up to the withdrawal. The treatment that is covered by the withdrawal of the consent will stop immediately, unless it can be pursued through a different legal basis (e.g. our legitimate interest).

6.Who do we share your data ?

In the framework of the contractual relationship between you and us and to the other purposes referred to in chapter 4 above, we may disclose some or all of your data to the following recipients :
  • These companies process the data we share with them for the same purposes as those referred to in chapter 4 above.
  • The contractual partners. We work with partners in order to provide you with the benefits provided for by the contracts that bind us to you. We give, therefore, only the personal data concerning you which is absolutely necessary for the provision of their services.
  • When we are required to do so by the legal framework, when we have the law, or when it is in the protection of our interests, we disclose your personal data to the authorities in Switzerland or abroad.
When we communicate your data to recipients who act as sub-contractors, we check if they communicate the data to third parties and require the guarantees of these communications, including as to their necessity and their security. If necessary, we will restrict the processing of your data by some of our sub-contractors. On the other hand, these checks and restrictions may be implemented with respect to certain recipients acting as responsible, independent of the treatment, in particular the authorities.

7.What types of cookies use on our Web sites ?

7.1 Cookies

Cookies are small text files that are placed on your device when you visit our web site. They allow us to enhance your browsing experience, personalize the content, and to analyze the use of our site to better understand your needs and preferences. Some of the cookies are essential for the proper functioning of our website, while others help us to provide you with additional functionality.

When you arrive at our site, you'll be greeted by a banner informative that will explain to you the use of cookies. You will then have the opportunity to give your explicit consent by ticking the box “I accept” or reject non-essential cookies, by clicking on “I refuse”. You can also manage your preferences related to cookies at any time by accessing the ” Settings “cookies” on our website.

Please note that essential cookies are enabled by default to ensure the proper functioning of our site. However, we undertake not to collect any personal data without your express prior consent and do not share your information with third parties without your express permission.

7.2 Google Analytics

We use Google Analytics on our website. It is a third-party service that can be located in any country in the world (in the case of Google Analytics, this is to Google LLC, United States,, with which we can measure and evaluate the use of the website. For this purpose, permanent cookies are created by Google Analytics are used. The anonymisation of the IP addresses in Google Analytics is enabled, this means that the IP addresses of the users of our web sites, which are necessarily transmitted to the servers of Google Analytics are truncated automatically and in the shortest time possible (to hide the last byte of the address). Google Analytics tells us only how our various web sites are used (without any personal information about you). From our side, we will not disclose any personal information to Google Analytics, even if the latter may track your use of the website, combine this information with data from other Web pages you have visited and that it also follows, and use this information for personal use. However, if you are registered with Google Analytics, it knows you well. The processing of your personal data by Google Analytics are therefore her responsibility, in accordance with their privacy policy.

7.3 Plugins of social Networks

We use elsewhere on our website plugins of social networks such as LinkedIn, Facebook, Twitter etc. You can usually view them with the corresponding symbols. We've set up these items so that they are disabled by default. If you activate them (by clicking it), the data concerning your visit to our website will be transmitted to the operator of the social network, which may use it for its own needs. The processing of your personal data is then the responsibility of the operator, in accordance with its policy on personal data. It will not transmit any information about you.

We do not sell any of your personal data in any way to third parties.

8.Transfer your data abroad ?

We are working with suppliers and partners that are not located in Switzerland. We transfer certain personal data when such a transfer is necessary to fulfill the purposes outlined in chapter4 above and that it complies with the applicable legal framework.

In addition, we use the it services for foreign suppliers. We strive to keep the data in Switzerland, but it happens that this is impossible. In this case, we have focused on the countries of the European Economic Area and countries that provide an adequate level of protection.

We will transfer personal data mainly in the European Economic Area.

We also remind you that because of the technical rules related to the operation of the network, the Internet transmission of personal data between individuals or entities located in the same country may transit through other countries. These transits which are beyond our control.

9.How long do we keep your data ?

We treat your personal data as long as the goals of each treatment require. These purposes include the legal obligations of conservation as well as the periods of retention that we have set ourselves to protect our own interests (corporate governance, documentation and preservation of evidence). In all cases, when any retention periods have expired, your personal data are de-identified or destroyed.

Durations of specific conservation measures have been described in chapter 3 above for each category of personal data. These times may be extended due to technical reasons when the data in question can be found in our backup system in the long term. In this case, we take all security measures to restrict access to backup to a very small number of people and to limit the processing of data at simple storage. We are further committed to destroying the data in the backups as soon as it is technically possible.

10.How do we protect your data ?

Abilene Advisors has put in place an Information Security Management System (ISMS) according to ISO 27001 : 2022. This ISMS establishes a governance framework to ensure the confidentiality, integrity and availability of personal and sensitive data of its customers, partners and employees.

In establishing the terms and organizational measures, human, physical and technical, of the ISO 27001 standard Abilene Advisors strengthens its capacity to identify and assess the risks associated with personal data, puts in place appropriate security measures such as encryption, access management and monitoring, and establishes procedures for responding to incidents to react quickly and effectively in the event of a data breach.

This proactive approach not only ensures compliance with the regulations of data protection, but also the creation of a trusted environment where the stakeholders can be assured that their personal information is handled with the utmost care and security.

The data transferred on the internet by us and through our website is protected by encryption technologies such as SSL/TLS. Any transaction conducted on the internet can be guaranteed as 100% secure.

11.What are your rights relating to the protection of your data ?

Your rights regarding your personal data include :
  • we request information about your personal data that we process, as well as a copy of said data ;
  • ask us to correct or complete incorrect or incomplete data ;
  • ask us to delete your data, unless, for example, or a legal basis is our legitimate interest requires or authorizes us to store your data for longer ;
  • ask us to limit the processing of your personal data ;
  • we indicate at any time the revocation of your consent to the processing of data for which your consent has been requested ;
  • we mean all the time your opposition to the processing of your personal data for promotional and advertising purposes ;
  • we mean all the time by your opposition to any other treatment, unless, for example, or a legal basis is our legitimate interest requires or authorizes us to continue the treatment ;
  • we ask for your data to a portable size when the processing of your data is done in an automated manner, on the basis of your consent or a contract ;
  • ask us to make your point of view in the case of automated individual decision and will review the decision by a human being ;
  • you talk to our counsellor to the protection of data, the FDPIC when you want to challenge the way we process your data or your request to exercise your rights, respectively, to file a report or a complaint.
We will notify you of any conditions or restrictions that may apply to exercise your rights.

You can exercise your rights by contacting us directly (see chapter 2.1 above) or by completing the form of compliance available via

We reserve the right to require additional information to help us to identify you, in particular by means of a copy of an official identity document valid. In order to facilitate the processing of your application, please also specify what(s) the right(s) you wish to make a claim, and their scope.

12.When we update this statement?

This statement may be updated at any time. The published version hereon our website, constitutes the most recent version and faith. It replaces all the clauses of the general data protection earlier or contrary to this statement.
© Copyright 2024, All Rights Reserved