Privacy Policy

Privacy Policy

Version: 01.01.2027

Introduction

The responsible and lawful handling of personal data is therefore a matter of great importance to us, Trust FIN GmbH, Gotthardstrasse 3, 6300 Zug, Switzerland ("Trust FIN", "we", "us", etc.). We process personal data at all times in compliance with applicable law, in particular Swiss data protection law and, where applicable, the General Data Protection Regulation of the European Union (EU GDPR).

This Privacy Policy ("Policy") describes the manner in which we process your personal data, (i) when we provide services to you as our customer or when you use our services (see Part A, General Privacy Policy), and (ii) when you visit our website "trust-fin.ch" or, as a customer, use services via our website and/or our online platform "Trust FIN Tax Portal" (together, the "Online Services") (see Part B, Online Privacy Policy).

This Policy forms part of the contract between you and us if it is listed as a contractual component in the relevant contract. If this is the case and there are discrepancies between the contents of this Policy and the provisions of the relevant contract or the General Terms and Conditions (GTC), the provisions of the latter documents shall prevail over the contents of this Policy.

Additional terms of use, General Terms and Conditions (GTC), and privacy policies may apply in addition to this Policy.

AGeneral Privacy Policy

Responsibility

Trust FIN (see Introduction) is responsible for the processing activities described in this Privacy Policy.

Categories of data subjects and categories of personal data

Personal data means all information relating to an identified or identifiable natural person. Anonymized data does not constitute personal data.

In connection with the provision of our services and your use of those services, we process personal data relating to the following categories of data subjects:

Customers who use the online platform "Trust FIN Tax Portal" to get in touch with suitable fiduciaries and have their tax return prepared by them

Fiduciaries (and their employees) who use the online platform "Trust FIN Tax Portal" to provide services to their customers in connection with the preparation of tax returns

Visitors to our website "trust-fin.ch"

In doing so, we process different categories of personal data, such as:

Business and private contact and identification data as well as (work) organizational data such as first name, last name, address, email address, telephone number, country, company, employer, area of work, department, function, responsibilities, signing authority, and personnel and customer number.

Personal details such as nationality, date and place of birth, language, gender, identity documents, data relating to spouse and children, civil status, voluntary activities, other activities, professional career, and qualifications.

User account information such as username and password.

Contractual and financial data such as contract type, contract content, type of services, applicable terms and conditions, contract start, contract term, fee claims, billing and payment data, IBAN, other account details, card number, financial circumstances, and creditworthiness.

Interaction and usage data such as correspondence, customer preferences, type and scope of service usage, customer service information such as complaints and information arising from the assertion of rights, and feedback.

Information relating to the use of the Online Services such as frequency of visits, date, time and duration of visits, pages visited, search terms, clicks on content, referring website, permissions, information entered in contact and feedback forms, social media profiles, submitted ratings and comments, IP address, information about the end devices used (device type, device ID/name, manufacturer, operating system, language, device settings, MAC address, etc.), cookie information, and browser settings.

Other data entered or uploaded in the course of using the online platform (in particular data in connection with the tax return and its attachments and supporting documents) or otherwise disclosed to us, insofar as such data does not already fall within one of the above categories. This category may also include particularly sensitive personal data (e.g. health data in health insurance documents or trade union membership).

As a rule, we process personal data that you disclose to us (e.g. during registration and in the context of using the online platform, by email, post or telephone, when using a contact form on our website, or when registering for an event). The disclosure may also be made by a third party, for example your fiduciary. Generally, there is no statutory or contractual obligation to disclose personal data. However, we will need to collect and process personal data that is necessary for establishing and performing a contractual relationship and the services to be provided. Otherwise, we may be unable to conclude or continue the relevant contract. The processing of certain data is also unavoidable when you use our Online Services. For technical reasons, the logging of certain data (usually not personal data) cannot be prevented.

In some cases, you may wish or need to transmit personal data of third parties to us or grant access to it. In such cases, please note that you are obliged to inform the persons concerned (e.g. employees) about this Policy and its content, obtain their consent where necessary, and ensure the accuracy of the relevant personal data.

Purposes of processing

We process your personal data for the following purposes:

Order and contract processing: This includes in particular the provision and performance of our services, identification of the person or verification of the company during registration on our online platform, maintenance of customer databases (including management of customer accounts), administration and maintenance of the customer relationship, invoicing, verification of your data, customer communication, and operation of our technical infrastructure.

Credit checks: This includes, in particular, determining the creditworthiness of our customers so that our employees can review offer restrictions or special payment terms in individual cases.

Debt collection: This includes in particular the assertion of claims and the judicial enforcement of outstanding receivables.

Service quality: This includes in particular measures to ensure the quality of our services and security, as well as technical troubleshooting and error correction.

Customer support: This includes in particular answering questions and requests, support with technical matters, sending information (e.g. about new services and functions), and providing general customer service (e.g. by email, telephone, SMS, or other forms of electronic communication).

Marketing: This includes sending general advertising and offers relating to our services and the services of selected business partners, as well as advertising tailored to your customer segment or customer profile, in particular in the form of newsletters.

Further development of our products and services: This includes in particular the evaluation, improvement, further development, and new development of services, products, functions, and customer interfaces, quality control and improvement of customer support, analysis and evaluation of the use of our Online Services to improve user-friendliness, and statistical evaluation of customer behavior based on anonymized customer data.

Prevention of misuse: This includes in particular the detection, prevention, and elimination of misuse of our services or infrastructure.

Compliance with legal requirements: This includes in particular compliance with applicable laws and regulations, responding to requests from competent courts and authorities, and the assertion, exercise, or defense of legal claims.

In each case, we process only the personal data about you that is necessary for the relevant purpose stated above.

Legal bases for processing

The processing of personal data requires a legal basis. When processing your personal data, Trust FIN relies on the legal bases of contract performance, legal obligation, and/or the pursuit of a legitimate interest. In detail, this is as follows:

Purpose of processing

Data categories

Legal basis

Order and contract processing

• Business and private contact and identification data as well as (work) organizational data
• Personal details
• User account information
• Contractual and financial data
• Interaction and usage data
• Information relating to the use of the Online Services
• Other data

Performance of a contract

Credit checks

• Business and private contact and identification data as well as (work) organizational data
• Contractual and financial data

Legitimate interest in reducing losses due to unpaid invoices

Debt collection

• Business and private contact and identification data as well as (work) organizational data
• Personal details
• Contractual and financial data

Legitimate interest in enforcing amounts owed and complying with legal requirements

Service quality

• Business and private contact and identification data as well as (work) organizational data
• User account information
• Contractual and financial data
• Interaction and usage data
• Information relating to the use of the Online Services
• Other data

Legitimate interest in customer satisfaction, competitiveness, and compliance with legal requirements

Customer support

• Business and private contact and identification data as well as (work) organizational data
• User account information
• Personal details
• Contractual and financial data
• Interaction and usage data
• Information relating to the use of the Online Services

Legitimate interest in customer satisfaction, competitiveness, and compliance with legal requirements

Marketing

• Business and private contact and identification data as well as (work) organizational data
• Personal details
• Contractual and financial data
• Interaction and usage data
• Information relating to the use of the Online Services

Legitimate interest in carrying out marketing measures, including the operation of our website

Further development of our products and services

• Business and private contact and identification data as well as (work) organizational data
• Personal details
• Contractual and financial data
• Interaction and usage data
• Information relating to the use of the Online Services

Legitimate interest in customer satisfaction and competitiveness

Prevention of misuse

• Business and private contact and identification data as well as (work) organizational data
• Personal details
• Contractual and financial data
• Interaction and usage data

Legitimate interest in preventing damage and complying with legal requirements

Compliance with legal requirements

• Business and private contact and identification data as well as (work) organizational data
• Personal details
• Contractual and financial data
• Interaction and usage data
• Information relating to the use of the Online Services
• Other data

Legal obligation and legitimate interest in complying with legal requirements

Retention period

We store and process your personal data for as long as this is necessary to achieve the purpose for which it was collected or as required, permitted, or prescribed by law or by authorities. For example, we have a legitimate interest in storing your personal data as long as it is subject to commercial, tax, or other statutory retention obligations, or where storage is necessary for evidentiary or security reasons or other reasons (e.g. in connection with the assertion, exercise, or defense of legal claims). Your personal data will then be deleted from our systems or anonymized so that you can no longer be identified.

Disclosure of personal data and categories of recipients

We may disclose your personal data, in compliance with legal requirements, to recipients such as service providers and other third parties, including business partners and authorities. This includes:

Service providers: We may disclose your personal data to service providers that we engage in the course of our business activities to perform customer-related, IT-related, or administrative tasks on our behalf, such as IT service providers (software, hosting, and email providers, maintenance and support providers, etc.), sales and cooperation partners, advisors (such as lawyers and fiduciaries), banks, debt collection service providers, and marketing service providers (e.g. for sending newsletters). Any disclosure of your personal data, or granting of access to it, is generally limited to the personal data required for these service providers to perform their services.

Third parties in the fulfillment of legal obligations: We may disclose your personal data to third parties if this is necessary or appropriate, or appears necessary or appropriate, to comply with applicable laws and regulations or to verify compliance with them, and to respond to requests from competent authorities to whom we must provide information about you and your personal data in accordance with applicable laws and regulations.

Third parties in connection with preventing misuse: We may disclose your personal data to third parties or obtain it from third parties where there are indications of unlawful use of services, if this is suitable for detecting, preventing, or eliminating fraudulent or abusive use of services of Trust FIN or third parties.

When using the online platform, a user's own "Trust FIN Tax Portal" account may be linked with that of a fiduciary. It is also possible to connect further services, such as those of financial institutions and payment service providers, via interfaces made available by us. Trust FIN is not responsible for the disclosure or exchange of personal data to or with the fiduciary or such additional services.

A list of data recipients will be provided to you on request. Please contact us using the contact details set out in Part C, Section 1.

Cross-border processing of personal data

As a rule, your personal data is processed in Switzerland. However, in the course of providing its services, Trust FIN may also rely on products and services of foreign manufacturers, suppliers, and subcontractors that, in the course of fulfilling their services, access personal data on our systems from abroad or process such data at their foreign location.

Accordingly, the recipients of your personal data listed in Section 6 may be located abroad and, in exceptional cases, also outside the EU/EEA. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or in the EU/EEA (so-called third countries). If we transfer your personal data to such a country, we ensure appropriate protection, for example by carefully selecting recipients and entering into data transfer agreements based on contracts approved, issued, or recognized by the European Commission (so-called Standard Contractual Clauses). Please contact us using the contact details set out in Part C, Section 1, if you would like a copy of our data transfer agreements.

In exceptional cases and depending on the applicable data protection law, transfers to countries without an adequate level of data protection may be permissible, for example on the basis of explicit consent, for the performance of a contract with the data subject or to process a contract request, for the conclusion or performance of a contract with another person in the interest of the data subject, or for the assertion, exercise, or defense of legal claims.

Collection and sharing of information from data analytics (Smart Data)

By using data analytics procedures, we generate statistical and analytical information (data products) that we may use for our own evaluations and make available to third parties such as business partners or customers in anonymized, i.e. non-personal, form. Any further use of data will only take place, where required by law, with your additional consent.

Technical and organizational measures

To protect your personal data (in particular against access and misuse by unauthorized third parties) and to ensure data security appropriate to the risk, we have implemented appropriate technical and organizational measures and agreed such measures with the third parties engaged by us (see Section 6 above). These measures are regularly reviewed and adapted to technological developments.

BOnline Privacy Policy

General

When you use our Online Services (website and online platform), we process personal data about you that you provide to us, for example when registering on the online platform, placing an order, using a contact form, or participating in surveys (e.g. your contact details such as name, telephone number, address, or email address).

In addition, we use cookies in our Online Services in accordance with the explanations in Section 3 of this Policy (see below) so that you can use our Online Services without issues. Beyond this, we only use cookies if you have consented via the cookie pop-up displayed when you visit our Online Services.

Online platform "Trust FIN Tax Portal"

As a customer, you have the option of accessing our online platform with your login, using the services provided there, and managing personal data and viewing information within it. If you are logged into our online platform, we may link your online usage data, such as the way in which you use the online platform and the services provided through it or the data you disclose to us via the online platform, with other customer data that we collect and process in connection with your use of our services, and process it for the provision of services and functions on the online platform as well as for the evaluation, improvement, and development of new services and functions.

Cookies

So-called cookies are used on our Online Services. Cookies are small files that are stored on your computer or mobile device when you visit or use our Online Services. Cookies store certain information about your browser and data about the exchange with the relevant Online Service via your browser. When a cookie is activated, it is assigned an identification number (cookie ID) by which your browser can be identified and the information contained in the cookie can be used. In particular, the following types of cookies are used:

Strictly necessary cookies: Strictly necessary cookies enable basic functions of the Online Services. Without these strictly necessary cookies, the Online Services cannot be used properly.

Functional cookies: Functional cookies (also called preference cookies) are used to store user preferences (e.g. language, region, or time zone) and provide an improved and personalized user experience.

Analytics cookies: These cookies are used to understand how visitors interact with the Online Services in order to detect errors and provide improved analytical data.

Marketing cookies: Marketing cookies are used to measure the effectiveness of advertising, provide a personalized service, and tailor advertisements to visitors' needs.

Most of the cookies used are temporary session cookies that are automatically deleted from your computer or mobile device at the end of the browser session. In addition, permanent cookies are also used. Depending on the type of cookie, permanent cookies remain stored on your computer or mobile device for between one month and ten years after the end of the browser session and are automatically deactivated once the programmed period has expired.

Cookies collect usage information such as the date and time our Online Services are accessed, pages accessed, the IP address of your computer or mobile device, browser type and version, and the operating system used. Cookies also indicate, for example, which of our Online Services you visit and from which referring website you came to our Online Services. We can also use cookies to understand which topics you research on our Online Services.

The cookies or corresponding technologies stored on your computer or mobile device may also originate from independent third-party providers. Cookies from such third-party providers also remain stored on your computer or mobile device for between one month and ten years and are automatically deactivated when the programmed period expires. Third-party providers receive access only to data based on an identification number (cookie ID). This concerns online usage information such as which of our Online Services you visited and which content you used.

Web analytics tools

To gain insights into the use of our Online Services and to improve our offering, in particular the functions of the Online Services, we use web analytics tools (including in particular Matomo or Google Analytics). These tools are usually provided by a third-party provider. As a rule, the information about the use of our Online Services collected by means of cookies is anonymized and transmitted to the servers of the third-party provider, which may be located abroad depending on the provider.

Prevention of cookies and web analytics tools

Most internet browsers accept cookies by default. However, you can configure your browser so that it accepts no cookies or only certain cookies, or so that you are notified before a cookie from an Online Service you visit is accepted. You can also delete cookies on your computer or mobile device by using the corresponding function of your browser. Instructions on how to prevent cookies through browser settings can be found at the following link: allaboutcookies.org/ge

In addition, you have the option of adjusting your consent to the use of cookies on our Online Services yourself via the cookie pop-up.

If you decide not to accept our cookies or the cookies and tools of third-party providers, you may not see certain information on our Online Services and may not be able to use some functions designed to improve your visit.

Social plugins

We also use so-called social plugins from social networks on our website (in particular LinkedIn, Google Meta, and others). The plugins can be identified by the logo of the respective social network.

All plugins used are implemented using a two-click solution. As a result, the respective plugins are only activated when you click on the logo of the relevant social network.

If you access a page on our website that contains an activated plugin, your browser establishes a direct connection to the servers of the respective provider. The content of the plugin is transmitted directly by the respective provider to your browser and integrated into the page. By integrating the plugins, certain information is transmitted to the provider and stored by it.

Even if you are not a member of the relevant social networks, it is still possible that they may learn and store your IP address via the social plugin. If you are logged into one of the social networks, the respective providers can associate your visit to our website with your personal profile on the social network. If you interact with the social plugins, for example by clicking the corresponding button, the relevant information is also transmitted directly to a server of the provider and stored there. The information is also published in the relevant social network in your respective profile and shown there to your contacts. Please refer to the privacy notices of the providers for the purpose and scope of data collection and the further processing and use of the data by the respective providers, as well as your related rights and setting options for protecting your privacy.

If you want to prevent the relevant providers of the social networks from associating the data collected via our website with your personal profile in the respective social network, you must log out of the relevant social network before visiting our website. You can also completely prevent the loading of plugins using specialized add-ons for your browser such as "NoScript" (noscript.net) or "Ghostery" (ghostery.com).

Third-party services used by us in detail

Upon request, we will provide you with a list of the third-party services used in our Online Services (including services such as [Matomo, Vimeo, Google reCAPTCHA, Google Maps, Google Analytics, Google Tag Manager, and YouTube]). Please contact us for this using the contact options listed in Part C, Section 1.

Newsletter

On our website, you have the option of subscribing to our newsletter. The personal data you provide to us for this purpose, in particular your email address and your name, will be used to send our newsletter. / If you use services from us as a customer, we will send you our newsletter, in which we inform you about services you already use or similar services. To send the newsletter, we use your personal data, in particular your email address and your name. The newsletter is sent either directly by us or by a specialized third-party provider. You can unsubscribe from the newsletter at any time (via the corresponding link in the newsletter). You may also inform us, using the contact options listed in Part C, Section 1, that you no longer wish to receive newsletters.

CGeneral

Contact

If you have any questions or concerns, you can contact us as follows:

Via contact form: trust-fin.ch/contactBy email: info@trust-fin.chBy telephone: +41 41 511 27 97By post: Trust FIN GmbH, Gotthardstrasse 3, 6300 Zug, Switzerland

You can contact the Data Protection Officer or Data Protection Advisor of Trust FIN as follows:

By email: datenschutz@trust-fin.chBy post: Trust FIN GmbH, Marlon Recine, Gotthardstrasse 3, 6300 Zug, Switzerland

Your rights

Where provided for within the scope of applicable law and under the conditions laid down in applicable law, you have the following rights in relation to the processing of your personal data:

Right of access: You have the right to obtain confirmation from us as to whether we process personal data concerning you and, if so, to request information about the processing of your personal data. This information includes in particular details about the purpose of the processing, the categories of personal data, and the recipients or categories of recipients to whom the personal data has been or will be disclosed.

Right to rectification: You have the right to rectification and/or completion of your personal data processed by us.

Right to erasure: You are entitled to have your personal data erased provided that, under applicable laws and regulations, we are not obliged to retain your personal data (in whole or in part) or have an overriding interest in further retention, if

the personal data is no longer necessary for the purposes pursued;

you have withdrawn your consent (where such consent was given) and there is no other legal basis for processing;

you have effectively objected to the processing;

the personal data has been processed unlawfully.

Right to restriction of processing: You may request restriction of processing from us in the following cases:

if you contest the accuracy of the personal data, for the duration of our review and the subsequent rectification or rejection of rectification;

if, in the event of unlawful processing, you reject erasure and instead request restriction of processing;

if, after the purpose has been fulfilled, you request that the personal data not be deleted but instead retained for the assertion of rights.

The personal data concerned will be separated or marked for the duration of the restriction. Apart from storage, any further processing of this personal data will only take place with your consent.

Right to data portability: Under certain conditions, you have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format. You are entitled to have this personal data transmitted to a third party without hindrance, insofar as this is technically feasible.

Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data by us and to require us to stop processing your personal data. If you have a right to object and exercise this right, your personal data will no longer be processed by us for such purposes.

In particular, there is no right to object if we have compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims, or is necessary for the conclusion and performance of a contract.

Where we process your personal data for direct marketing purposes, you have the right to object to such processing at any time. Following your objection, your personal data will no longer be processed for that purpose.

Right to withdraw consent: If you have given us consent to process your personal data for one or more specific purposes, you have the right to withdraw that consent for one or more of those purposes. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal.

You can exercise your rights in connection with the processing of your personal data using the contact options listed above by sending us your request by post or email. Please enclose a copy of your identity document (identity card or passport) with your request.

We reserve the right to invoke the limitations provided by law, for example if we are legally obliged to retain or process certain personal data or have an overriding interest in doing so because, for example, we need it for the assertion, exercise, or defense of legal claims. Please note that the exercise of the above rights may conflict with contractual agreements between you and us (e.g. regarding the provision of services) and may lead to consequences such as early termination of the contract or costs. In such cases, we will inform you in advance.

You also have the right to lodge a complaint with the competent supervisory authority, in particular in the member state of your habitual residence or the place of the alleged infringement, if you consider that the processing of your personal data violates applicable data protection law. The competent supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Amendments

We reserve the right to amend and supplement all parts of this Policy at any time and at our sole discretion, in particular due to technical adjustments or new services. The version published on our Online Services (website and online platform) shall apply in each case. We will inform you appropriately and in accordance with the requirements of applicable law about changes.

If this Policy forms part of a contract between you and us, we will inform you appropriately in advance and obtain your consent if we amend or supplement the Policy to your detriment. Your consent is voluntary. If you do not agree to the relevant amendment or supplement, you may object to it. If you do not object within the deadline communicated to you in advance, this will be deemed your consent to the relevant amendment or supplement. An amendment or supplement to this Policy does not give rise to a right of extraordinary termination of a contract.