In this Data Protection Policy, we, Fidinter Treuhand AG and Fidinter AG (both collectively referred to as ‘Fidinter’), describe how we collect and process personal data. This data protection policy is not an exhaustive description; other privacy-related statements may regulate specific matters (see, for example, our ‘GTC,’ our Data Processing Agreement (‘DPA’)) and/or mandate agreements). For the purposes of this data protection policy, personal data refers to all information relating to an identified or identifiable person.

1. Responsible party and contact details

Fidinter Treuhand AG and Fidinter AG are responsible for the data processing described here, unless otherwise specified in individual cases. Enquiries regarding data protection can be sent to us by letter or email, enclosing a copy of the user’s ID card or passport for identification purposes:

Postal address:

Fidinter Treuhand AG (and/or Fidinter AG)
P.O. Box
CH-8034 Zurich
Switzerland

Electronical communication:

e-mail: zuerich@fidinter.ch
Phone: +41 44 297 20 50

2. Collection and processing of personal data

We process personal data in particular in the following types of processing.

  • Client data from clients for whom we provide or have provided services.
  • Personal data that we have received indirectly from our clients while providing services.
  • When visiting our website.
  • When using our newsletter.
  • When participating in one of our events.
  • When we communicate or a visit takes place.
  • In other contractual relationships, e.g. as a supplier, service provider or advisor.
  • In job applications.
  • When we are required to do so for legal or regulatory reasons.
  • When we exercise our due diligence or other legitimate interests, e.g. to avoid conflicts of interest, prevent money laundering or other risks, ensure data
    accuracy, check creditworthiness, ensure security or enforce our rights.

More detailed information can be found in the description of the respective types of processing in section 3.

3. Types of personal data

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about persons who are related to you. This information may also include sensitive personal data.
We collect the following types of personal data, depending on the purpose for which we process it:

  • Contact information (e.g. surname, first name, address, telephone number, email address)
  • Client information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, social security number)
  • Risk assessment data (e.g. credit rating information, commercial register data)
  • Financial information (e.g. bank account details)
  • Mandate data, depending on the assignment (e.g. tax information, articles of association, minutes, projects, contracts, employee data (e.g. salary, social security), accounting data, beneficial owners, ownership structure)
  • Website data (e.g. IP address, device information, browser information, website usage (analysis and use of plugins, etc.)
  • Application data (e.g. CV, work certificates)
  • Marketing information (e.g. newsletter subscription)
  • Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists)

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. company registers, real estate registers, commercial registers, the public press, the Internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties.

In addition to the data you provide to us directly, the categories of personal data we receive about you from third parties include, in particular, information from public registers, information we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help) , information about you in correspondence and meetings with third parties, credit reports, information about you provided to us by people in your environment (family, advisers, legal representatives, etc.) so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney) information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, distribution and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made), information about you from the media press and the internet (if this is appropriate in a specific case, e.g. in the context of a job application, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing purposes), data related to the use of the website (e.g. IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content accessed, functions used, referring website, location information).

4. Purposes of data processing and legal basis

a. Provision of services

We primarily process personal data that we receive during our mandate relationships with our clients and other contractual relationships with business partners and further persons involved.

The personal data of our clients includes the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, email address, other contact information)
  • Personal information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, social security number, family
    circumstances, etc.)
  • Risk assessment data (e.g. credit rating information, commercial register
    data, sanctions list, specialised databases, data from the internet)
  • Financial information (e.g. data on bank accounts, investments or
    shareholdings)
  • Mandate data, depending on the assignment, e.g. tax information, articles
    of association, minutes, employee data (e.g. salary, social security),
    accounting data, etc.
  • Sensitive personal data: This personal data may also include sensitive personal data, such as data on health, religious beliefs or social assistance measures,
    especially if we provide payroll processing or accounting services.

We process this personal data for the purposes described above based on the following legal bases:

Conclusion or execution of a contract with or in favour of the data subject, including contract initiation and possible implementation (e.g. consulting, trust services)

  • Compliance with a legal obligation (e.g. when we perform our duties as auditors or are required to disclose information)
  • Protection of legitimate interests (e.g. for administrative purposes, to improve our quality, to ensure security, to conduct risk management, to enforce our rights, to defend ourselves against claims or to verify possible conflicts of interest)
  • Consent (e.g. to send you marketing information).

b. Indirect data processing from service provision

When we provide services to our clients, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contact persons, family members or persons who have a relationship with the clients or data subjects for other reasons. We need this personal data in order to fulfil contracts with our clients. We receive this personal data from our customers or from third parties commissioned by our customers. Third parties whose information we process for this purpose are informed by our customers that we are processing their data. Our customers can refer to this data protection policy for this purpose.

The personal data of individuals who have a relationship with our clients includes the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, email address, other contact information, marketing data)
  • Personal information (e.g. date of birth, nationality, marital status, occupation, title, job title, passport/ID number, social security number, family circumstances, etc.)
  • Financial information (e.g. bank account details, investments or shareholdings)
  • Mandate data, depending on the assignment, e.g. tax information, articles of association, minutes, employee data (e.g. salary, social security), accounting data
  • Sensitive personal data: This personal data may also include sensitive personal data, such as data on health, religious beliefs or social assistance measures, especially if we provide payroll processing or accounting services.

We process this personal data for the purposes described above based on the following legal bases:

  • Conclusion or execution of a contract with or for the benefit of the data subject (e.g. when we perform our contractual obligations)
  • Fulfilment of a legal obligation (e.g. when we perform our duties as auditors or are obliged to disclose information)
  • Protection of legitimate interests, particularly our interest in providing our customers with the best possible service.

c. Use of our website

No personal data needs to be disclosed to use our website. However, each time the server is accessed, it collects a range of user information which is temporarily stored in the server’s log files.

When using this general information, no association with a specific person is made. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected in order to improve the website and analyse its use.

This includes the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number,
    e-mail address)
  • Other information that you provide to us via the website
  • Technical information automatically transmitted to us or our service providers, information about user behaviour or website settings (e.g. IP address, device type, browser, number of clicks on the page, opening the newsletter, clicking on links, etc.)

We process this personal data for the purposes described above on the following legal bases:

  • Protection of legitimate interests (e.g. for administrative purposes, to improve
    our quality, to analyse data or to promote our services)
  • Consent (e.g. to the use of cookies or the newsletter).

d. Newsletter usage

If you subscribe to our newsletter, we will use your email address and other contact details to send you the newsletter. You can subscribe to our newsletter with your consent. Your full name, email address and, if applicable, your postal address is required to send you the newsletter. We will store this information after you register. The legal basis for processing your data in connection with our newsletter is your consent to receive the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter.

e. Participation in events

If you participate in an event organised by us, we collect personal data in order to organise and run the event and, if necessary, send you additional information afterwards. We also use your information to notify you of further events. You may be photographed or filmed by us at these events, and we may publish this image material internally or externally.

This includes the following information in particular:

  • Contact information (e.g. surname, first name, address, telephone number, email address)
  • Personal information (e.g. occupation, position, title, employer, eating habits)
  • Images or videos
  • Payment information (e.g. bank details).

We process this personal data for the purposes described above based on the following legal bases:

  • Fulfilment of a contractual obligation with or for the benefit of the data subject, including contract initiation and enforcement (enabling participation in the event)
  • Protection of legitimate interests (e.g. holding events, disseminating information about our event, providing services, efficient organisation)
  • Consent (e.g. to send you marketing information or to create image material).

f. Direct communication and personal visits

When you contact us (e.g. by telephone, email or chat) or we contact you, we process the personal data necessary for this purpose. We also process this personal data when you visit us. In this case, you may be required to provide your contact details before your visit or at reception. We store these details for a certain period to protect our infrastructure and information.

We use the Microsoft Teams service to conduct telephone conferences, online meetings, video conferences and/or webinars (‘online meetings’).

In particular, we process the following information:

  • Contact information (e.g. surname, first name, address, telephone number, email address)
  • Communication metadata (e.g. IP address, duration of communication, communication channel)
  • Records of conversations, e.g. during video conferences
  • Other information that the user uploads, provides or creates while using the video conferencing service, as well as metadata used for the maintenance of the service provided. Additional information about the processing of personal data by Microsoft Teams can be found in their privacy statements
  • Personal information (e.g. occupation, position, title, employer)
  • Time and reason for the visit.

We process this personal data for the purposes described above on the following legal bases:

  • Fulfilment of a contractual obligation with or for the benefit of the data subject, including contract initiation and enforcement (provision of a service)
  • Safeguarding legitimate interests (e.g., security, traceability, and handling and administration of customer relationships).

g. Applications

You can submit your application for a position with us by post or via the email address provided on our website. The application documents and all personal data disclosed to us in this context will be treated as strictly confidential, will not be disclosed to third parties and will only be processed for the purpose of processing your application for employment with us. Unless you give your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal retention obligation. The legal basis for the processing of your data is your consent, the fulfilment of the contract with you and our legitimate interests.

In particular, we process the following information:

  • Contact information (e.g. surname, first name, address, telephone number, email address)
  • Personal information (e.g. occupation, position, title, employer)
  • Application documents (e.g. cover letter, references, diplomas, CV)
  • Assessment information (e.g. HR consultant evaluation, reference information, assessments)

We process this personal data for the purposes described above on the following legal bases:

  • Protection of legitimate interests (e.g. hiring new employees)
  • Authorisation.

h. Suppliers, service providers, other contractual partners

When we enter into a contract with you to provide a service for us, we process personal data relating to you or your employees. We need this data to communicate with you and make use of your services. We may also process this personal data to check whether there could be a conflict of interest in connection with our activities as auditors and to ensure that we do not incur any unintended risks, e.g. with regard to money laundering or sanctions, as a result of the cooperation.

In particular, we process the following information:

  • Contact information (e.g. surname, first name, address, telephone number, email address).
  • Personal information (e.g. occupation, position, title, employer).
  • Financial information (e.g. bank account details).

We process this personal data for the purposes described above on the following legal bases:

  • Conclusion or execution of a contract with or in favour of the data subject, including contract initiation and enforcement
  • Safeguarding legitimate interests (e.g. avoidance of conflicts of interest, protection of the company, enforcement of legal claims). 

5. Tracking-Technology

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

Information relating to the specific device used is stored in the cookie. However, this does not mean that we immediately become aware of your identity. The use of cookies serves to make the use of our website more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted when you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a specific period. If you visit our site again to use our services, it will automatically recognise that you have already been with us and what entries and settings you have made, so that you do not have to enter them again. We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognise that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period.

The data processed by cookies is necessary for the purposes mentioned. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website. 

6. Web and newsletter analysis

To obtain information about the use of our website, to improve our Internet offering and to be able to address you with advertising on third-party websites or on social media, we use the following web analysis tools and retargeting technologies: Google Analytics.

These tools are provided by third-party providers. As a rule, the information collected for this purpose about the use of a website is transmitted to the third-party provider’s server using cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

The data is usually transmitted with the IP addresses truncated, which prevents the identification of individual end devices. This information is only transferred by third-party providers based on legal regulations or within the scope of order data processing. 

i. Google Analytics

We use Google Analytics, the web analytics service provided by Google LLC, Mountain View, California, USA, on our websites. Google Limited Ireland (‘Google’) is responsible for Europe. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific information relating to the user on the user’s device. These enable Google to analyse the use of our website. The information collected by the cookie about the use of our pages (including your IP address) is usually transferred to a Google server in the USA and stored there. We would like to point out that on this website, Google Analytics has been extended by the code ‘gat. anonymizeIp ();’ to ensure anonymous collection of IP addresses (so-called IP masking). If anonymisation is active, Google shortens IP addresses within member states of the European Union or in other signatory states to the Agreement on the European Economic Area, which means that no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google may associate your IP address with other data from Google. For data transfers to the United States, Google has committed to signing and complying with the EU Standard Contractual Clauses.

j. Google Maps

We use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, ‘Google’) on our website. Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. By using this service, our location is displayed to you and any journey to us is made easier. As soon as you access the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

For data transfers to the USA, Google has committed to signing and complying with the EU Standard Contractual Clauses.

7. Data transfer and data transmission

We only pass on your data to third parties if this is necessary for the provision of our services, if these third parties provide a service for us, if we are legally or officially obliged to do so, or if we have an overriding interest in passing on the personal data. We will also pass on personal data to third parties if you have given your consent or requested us to do so.

Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the customer, accounting data, payroll administration data, payslips and salary statements are transmitted in unencrypted form (see also our General Terms and Conditions).

The following categories of recipients may receive personal data from us:

  • Branches, subsidiaries or sister companies.
  • Service providers (e.g. IT service providers, hosting providers, suppliers, consultants, solicitors, insurance companies, brokers).
  • Third parties within the scope of our legal or contractual obligations, authorities, government agencies, courts.

We conclude contracts with service providers who process personal data on our behalf, obliging them to ensure data protection. Most of our service providers are located in Switzerland or, in exceptional cases, in the EU/EEA. Certain personal data may also be transferred to the USA (e.g. Google Analytics data) or, in exceptional cases, to other countries worldwide. If data transfer to other countries that do not have an adequate level of data protection is necessary, this is done based on the EU standard contractual clauses (e.g. in the case of Google) or other suitable tools. 

8. Duration of personal data retention

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be retained for the period during which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised without prior notice, as far as possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply. 

9. Data protection

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.

10. Mandatory provision of personal data

Within the scope of our business relationship, you must provide the personal data necessary for establishing and conducting a business relationship and fulfilling the associated contractual obligations (you are not generally under any legal obligation to provide us with data). Without this data, we will not be able to conclude or execute a contract with you (or the entity or person you represent). The website cannot be used either if certain information required to secure data traffic (such as your IP address) is not disclosed.

Fidinter customers are also aware that this Data Protection Policy (DPP), our General Terms and Conditions (GTC) and the Data Processing Agreement (DPA) are deemed to have been read, understood and accepted when entering into a cooperation/mandate with Fidinter. Unless otherwise agreed between you and Fidinter, the latest versions of the Data Protection Policy (DPP), the Data Processing Agreement (DPA) and the GTC, which are published and updated on the Fidinter website, shall apply.

11. Your rights

You have the following rights in connection with our processing of personal data:

  • Right to information about the personal data we have stored about you, the purpose of the processing, the origin and the recipients or categories of recipients to whom the personal data is disclosed.
  • Right to rectification if your data is incorrect or incomplete.
  • Right to restriction of processing of your personal data
  • Right to request the erasure of the processed personal data
  • Right to data portability
  • Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.
  • Right to lodge a complaint with a competent supervisory authority, if provided for by law.

To exercise these rights, please contact us at the address given in section 1.

Please note, however, that we reserve the right to apply the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are permitted to invoke this) or need it to assert claims. If you incur any costs, we will inform you in advance. 

12. Change of date protection policy

We reserve the right to change this data protection policy at any time.

Last change: January 2026.

Download DPP