Data Privacy Policy
1. Who are we
This privacy policy is applicable for TaXperts GmbH and US TaXperts AG.
TaXperts GmbH is a company that provides services within the scope of a fiduciary company. Our service offering includes fiduciary services, particularly advising individuals in Swiss tax and social insurance legislation.
US TaXperts AG is a company that provides services within the scope of a fiduciary company. Our service offering includes fiduciary services, particularly advising individuals in US tax legislation.
2. Basics of Data Processing
This privacy policy describes how we process personal data, specifically what personal data we collect for what purpose. It also regulates data disclosure, retention periods, and your rights.
Personal data (hereinafter referred to as "data") includes all information related to a specific or identifiable individual. The term "data processing" is context-dependent and encompasses any handling of personal data, regardless of the means and methods used, including obtaining, storing, using, modifying, disclosing, archiving, or destroying data.
We collect and process personal data to fulfill our business tasks within the legally and contractually defined framework. The collection, processing, and use of personal data are subject to the applicable Swiss (Federal Data Protection Act) and, if applicable, European legal provisions (EU General Data Protection Regulation (GDPR)).
We collect personal data in a transparent manner and in accordance with the principles of proportionality and purpose limitation. Data is processed only to the extent and for the duration necessary for our tasks and obligations.
3. Purpose of the Collection and Processing of Personal Data
We process those personal data that are necessary to ensure our service offering to be permanent, secure, and reliable. This includes, in particular:
Handling and administration of contractual relationships with customers, employees, suppliers, etc.;
Maintenance of contacts and communication related to service provision;
Operation of the website;
Ensuring security, fulfilling legal obligations, enforcing claims;
Sending invitations and conducting events and webinars;
Marketing actions and sending newsletters;
Statistical surveys/evaluations.
4. What Personal Data Do We Process?
4.1 General Contact and Basic Data
Depending on the purpose of data processing, customer segment, and service areas, we collect various types of personal data, including potentially sensitive personal data.
From all contact, dialogue, and contractual partners, as well as customers, we process at least the following personal data:
Last name, first name, email address, and, if applicable, gender, address, phone numbers, title, date of birth, marital status, nationality, profession, information about the employer, social security, number, tax identification number;
Email and written correspondence (physical mail).
In addition, depending on the purpose of data processing, customer segment, and service area, we also collect, and process additional data as described in the following paragraphs:
4.2 Data for Mandate Processing
For the provision of our services and the administration of our mandates and communication with our clients, we process the following personal data:
General contact and basic data as per section 4.1;
For companies:
- Legal form, company capital and paid-in capital, year of establishment of the company, external audit firm, turnover in Switzerland and abroad, annual turnover achieved per business area, company registration number;
- Branch offices: Location of the branch office, company name, address, phone, internet, email, correspondence language;
- Information about the staff: Departments, number of employees. responsible persons, job percentages;
Information about individuals / shareholders and members of the corporate management involved in the company: Last name, first name, date of birth, nationality, address, contact details, function, voting power, information about the activity in the company;
Information about companies and foundations involved in the company: Company name, registered office, industry, degree of participation;
Information about the contact person: Last name, first name, date of birth, email, and phone numbers;
Information about the employment of individuals at third-party companies: Last name, first name, company, industry, function, and employment percentage;
Information about participation/ownership shareholdings;
Payment information;
Client data such as:
- Articles of association, protocols, contracts;
- Employee data (salary, social insurance, employment contracts);
- Accounting and tax information;
- Particularly sensitive personal data such as health data, religion, information about social assistance, debt collection, or bankruptcies.
These data are primarily processed in connection with services in the areas of consulting, taxes, payroll processing, or accounting. These are mainly data of our customers. However, they may also concern third parties, such as employees, contact persons, or individuals in a (contractual) relationship with our customers. Therefore, our customers can also refer to this privacy policy, but they must also take measures themselves to comply with data protection legislation.
The data processing serves the execution and management of mandates, credit checks, the prevention of conflicts of interest, and quality control. It also complies with legal and contractual requirements.
The data is usually communicated and provided directly by customers. Depending on the nature and scope of the mandate, they may also come from authorities, courts, or third parties. Under certain circumstances, data may also be collected directly from the employer of the individuals concerned.
4.3 Data in Connection with Email and Phone Inquiries
When you contact us by email or phone, your inquiry, including all resulting personal data (name, email address, phone, inquiry, etc.), is stored and processed by us for the purpose of handling your request.
The processing of this data either occurs in connection with the fulfillment of an order or to carry out pre-contractual measures. In all other cases, the processing is based on your consent and/or our legitimate interests, as we have a legitimate interest in the effective processing of inquiries directed to us.
The data sent to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completing the processing of your request). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
4.4 Data for Mailings and Newsletters
For the purpose of sending information about events, publications, etc. (marketing purposes) and for the dispatch of newsletters, we process the following personal data:
General contact and basic data as outlined in section 4.1;
These data are necessary for the provision of the service, communication, or the maintenance of our customer database. To improve our services, information related to marketing, mailings, and newsletters is also statistically evaluated. You can object to the use of your personal data for marketing purposes at any time or unsubscribe from receiving the newsletter.
4.5 Data for the Organization and Conduct of Events
The following personal data are processed for the organization and conduct of events:
General contact and basic data as outlined in section 4.1;
Information about the employer (such as company, address, email address), participants, and speakers;
Information about participation in further education;
Payment information;
Possibly images or videos.
First name, last name, address (if applicable), email address, and employer may be disclosed to other participants. It may also be possible that you are photographed or filmed at events.
These data are processed for the conduct of the event as well as for networking and marketing purposes. We need the visual material for the internal documentation of the event, for inclusion in a newsletter or on our website and social media channels, for the creation of reports, and possibly to inform our members about the event. Participants can inform the photographer before or during the recordings that they do not want to appear in the corresponding visual material.
4.6 Data in Connection with Direct Communication (Phone, Email, or Chat, Online Meetings, Video Conferences, and/or Webinars, etc.)
Online meetings, video conferences, and/or webinars organized by us are particularly conducted using Microsoft Teams / Zoom / Google Meet, etc. For direct communication via phone, email, collaboration solution, or chat, we and our corresponding service providers, as necessary, can process the following personal data:
General contact and basic data as outlined in section 4.1;
Other personal data contained in email communication;
Communication data such as IP address, time, and duration of communication;
Recordings of video conferences, if necessary.
We process these personal data to provide and improve our services for our customers and other interested parties.
4.7 Data about Personnel
The following data are processed for personnel management:
General contact and basic data as outlined in section 4.1;
Social insurance information/AHV number;
Information about children;
Employment contract details such as start date, position, salary, employment contract;
Job application information such as cover letter, curriculum vitae, work certificates, diplomas, evaluation of job interviews, assessments, reference information;
Financial information and bank details;
For employees subject to tax-at-source: religion, permit ID, information about other employment, substitute income, and spousal information;
Information about periodic performance reviews;
Time and vacation recordings;
Information about illnesses, accidents, maternity or paternity leave, military or civil defense service;
Criminal and/or debt collection extracts.
Application documents that do not lead to employment are deleted or destroyed after the conclusion of the application process, unless we receive consent to retain them.
The data serve for the correct processing in personnel management, fulfilling the contractual relationship (employment contract), and are mainly submitted by the employees.
4.8 Suppliers and Other Contractual Partners
We process the following personal data of business partners who provide services or deliveries for us:
General contact and basic data as outlined in section 4.1;
Financial information such as bank details;
Information mentioned in agreements (such as data about responsible employees, consultants, information about the provided service, etc.).
We process this data in fulfillment of a contract and in accordance with the legal retention periods of commercial and tax law. If our contractual partners have access to our personal data in the fulfillment of their order (e.g., IT companies), we conclude a corresponding data processing agreement (DPA) with them.
4.9 Operation, Control, and Improvement of the Website and Other Electronic Channels
4.9.1 Server Log Files
In close collaboration with our hosting provider, we strive to protect databases as much as possible from unauthorized access, loss, misuse, or forgery. When accessing our websites, the following data is stored in log files: IP address, date, time, browser request, and general information transmitted about the operating system or browser. This data forms the basis for statistical, anonymous evaluations, allowing us to identify trends to improve our offerings accordingly.
The provider of this website automatically collects and stores information in so-called server log files that your web browser automatically transmits to the provider. The following information is transmitted:
Type and version of the browser
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
These data cannot be directly attributed to specific individuals. The merging of this data with other data sources is not performed. We reserve the right to review this data retrospectively if we become aware of specific indications of illegal use.
4.9.2 Cookies
The websites partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. They serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
Our website uses Squarespace Analytics, a web analytics service provided by Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (“Squarespace”). Squarespace Analytics uses cookies. The cookies are transferred to a server in the USA and stored there. Squarespace is certified under the EU-US Privacy Shield and is committed to complying with EU data protection standards. Squarespace uses the data to evaluate the use of the website, create reports on website activity, and facilitate the use of the website. Data collection is necessary for these purposes. Squarespace will never associate your IP address with other Squarespace data. By using the website, you consent to the processing of data by Squarespace for the purposes and objectives of creating visitor statistics and improving the website.
For more information, please visit https://www.squarespace.com/privacy/.
Our website uses Google Search Keyword Analytics, a web analytics service provided by Google Inc. (“Google”). Google Search Keyword Analytics shows which search terms drive traffic from Google to the website. This helps us identify which search terms are responsible for the most clicks on our site and the average position for different search queries.
You can configure your browser to inform you about the use of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases, or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies and related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide personal data. If you do not provide personal data, we cannot manage your consents.
4.9.3 SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4.10 Ensuring Security, Fulfilling Legal Obligations, Enforcing Claims
We may process the aforementioned personal data to ensure security and enforce your rights, if necessary, and may also disclose them to third parties, such as courts or authorities.
5. Data Collection, Retention Period, Security Measures
5.1 Data Collection
Typically, we receive the personal data mentioned in Section 4 directly from you when you use one of our services. In some cases, data may also be collected directly from the employer of the individuals concerned.
For mandates, depending on the nature and scope of the mandate, data may also come from authorities, courts, or third parties.
We also extract publicly available information from media and the internet, as far as this is indicated in specific cases (e.g., in the context of an application, in the selection of lecturers and speakers), as well as data related to the use of the website (see Section 4.9).
5.2 Retention Period
We retain personal data for as long as it is needed for the purpose for which it was collected or for a duration required by applicable laws, regulations, or contractual agreements, and as long as we have a predominant interest in retention. After that, the data is deleted.
5.3 Data Security
We implement appropriate technical and organizational security measures to protect personal data from unauthorized access and misuse. This includes IT and network security solutions, access restrictions, encryption of data carriers and transmissions, instructions, training, and controls.
The data is stored in the applications and software applications we use. The data is primarily stored on servers in Switzerland. If data is stored abroad, the rules in Section 6 apply.
If third parties have access to our data, special measures are taken, as regulated in the data processing agreement (see Section 6).
To facilitate and expedite order processing, information and data can also be exchanged electronically. It is known that data sent over the Internet cannot be reliably protected against third-party access, loss, delayed transmission, or virus infection. Agreements on encryption techniques and the like can be separately agreed upon request.
6. Data Disclosure and Transmission
We may disclose personal data to third parties if you have given your consent, or if it is necessary for the provision of the respective service, the fulfillment of the contractual purpose, or the protection of our legitimate interests, or if we are legally obligated to do so.
The following categories of recipients may receive personal data from us:
Service providers (e.g., IT service providers, hosting providers, suppliers, consultants, lawyers, insurers, etc.);
Third parties within the scope of our legal or contractual obligations, authorities (such as tax authorities, social insurance authorities, etc.), government institutions, courts.
Third parties we engage with are contractually obligated to comply with data protection regulations and process the data only for the purposes we specify.
Our service providers are mainly located in Switzerland or in the EU/EEA. Certain personal data may also be transmitted to the USA. If data transmission to a country without an adequate level of data protection is required, it will be based on standard contractual clauses (e.g., in the case of Microsoft) or other suitable guarantees.
The information you provide to us may also be anonymized for statistical analysis purposes and shared with third parties.
7. Your Rights
Every individual has the right to request information about the data processed concerning them, including its origin, recipients, and the purpose of data collection and processing. Additionally, you have the right to request correction, blocking, deletion, or transfer of your data.
Data that must be retained due to legal regulations or required for business transactions cannot be deleted. If data is not subject to a legal archiving obligation or our predominant retention interest, we will delete your data upon your request. If an archiving obligation applies, we will block your data.
Furthermore, you can enforce your claims in court or file a complaint with the competent data protection authority (EDÖB).
8. Final Provisions
8.1 Responsible Entity and Contact
We are responsible for data processing according to this privacy policy unless otherwise specified.
General inquiries about data protection can be sent to us by mail or email:
OR
For specific inquiries about a person, requests for correction, or deletion, a copy of the ID or passport must be provided for user identification.
8.2 Adjustments to the Privacy Policy
We reserve the right to adjust our privacy policy at any time through publication on the website.
This privacy policy was last updated on February 1, 2024.