Privacy policy

In this Privacy Policy, we, Swiss CryptoTax GmbH (hereinafter referred to as “we” or “us”), describe how we collect and process personal data. This privacy policy is not an conclusive description; other privacy policies may govern specific matters. For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable person.

1. Responsible body and contact

Swiss CryptoTax GmbH is responsible for the data processing described here, unless otherwise stated in individual cases. Inquiries regarding data protection can be sent to us by letter, enclosing a copy of the ID or passport identifying the user: Swiss CryptoTax GmbH, Edisonstrasse 14, 8050 Zurich.

2. Collection and processing of personal data

We process personal data in the following categories of processing in particular.

3. Categories of personal data

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you or about people who have a relationship with you. Under certain circumstances, this information may also be particularly sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process it:

Insofar as this is permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties. In addition to the data that you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example to conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people from your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or with your involvement (e.g. References, your address for deliveries, powers of attorney) Information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made), information from the media and the Internet about your person (insofar as this is appropriate in the specific case, e.g. in the context of a job application, etc.). e.g. in the context of a job application etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location data).

4. Purposes of data processing and legal basis

4.1. Provision of services

We primarily process the personal data that we receive from our clients and other persons involved in the context of our client relationships and other contractual relationships with business partners. Our clients’ personal data includes the following information in particular:
We process this personal data for the purposes described based on the following legal basis:

4.2. Indirect data processing from the provision of services

When we provide services for our customers, we may also process personal data that we have not collected directly from the data subjects or personal data of third parties. These third parties are usually employees, contact persons, family members or persons who have a relationship with the customers or data subjects for other reasons. We require this personal data to fulfil contracts with our customers. We receive this personal data from our customers or from third parties commissioned by our customers. Third parties whose information we process for this purpose are informed by our customers that we are processing their data. Our customers can refer to this privacy policy for this purpose.
The personal data of persons who have a relationship with our customers includes the following information in particular:
We process this personal data for the purposes described based on the following legal basis:

4.3. Use of our website

No personal data needs to be disclosed to use our website. However, the server collects a range of user information with each visit, which is temporarily stored in the server’s log files. When using this general information, no assignment to a specific person takes place. The collection of this information or data is technically necessary to display our website and ensure its stability and security. This information is also collected to improve the website and analyse its use.
This includes the following information in particular:
We process this personal data for the purposes described based on the following legal basis:

4.4. Direct communication and visits

When you contact us (e.g. by telephone, e-mail or chat) or we contact you, we process the personal data required for this. We also process this personal data when you visit us. In this case, you may have to leave your contact details before your visit or at reception. We store this data for a certain period in order to protect our infrastructure and our information.
To conduct telephone conferences, online meetings, video conferences and/or webinars (“online meetings”), we use the Zoom service, Microsoft Teams or Skype, or video conferencing service providers used by you.
We process the following information in particular:
We process this personal data for the purposes described on the basis of the following legal basis:

4.5. Applications

You can submit your application for a position with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us will be treated in strict confidence, will not be disclosed to third parties and will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application dossier will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a statutory retention obligation. The legal basis for the processing of your data is your consent, the fulfilment of the contract with you and our legitimate interests.
We process the following information in particular:
We process this personal data for the purposes described based on the following legal basis:

4.6. Suppliers, service providers, other contractual partners

If we conclude a contract with you so that you can provide a service for us, we process personal data about you or your employees. We need this data to communicate with you and to make use of your services. We may also process this personal data to check whether there could be a conflict of interest in connection with our activities as auditors and to ensure that we do not enter into any unwanted risks, e.g. with regard to money laundering or sanctions.
We process the following information in particular:
We process this personal data for the purposes described based on the following legal basis:

5. Tracking technologies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period. If you visit our site again to make use of our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is required for the purposes mentioned. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. However, if you deactivate cookies completely, you may not be able to use all the functions of our website.

6. Data transfer and data transmission

We only pass on your data to third parties if this is necessary for the provision of our services, if these third parties provide a service for us, if we are legally or officially obliged to do so or if we have an overriding interest in passing on the personal data. We will also pass on personal data to third parties if you have given your consent or requested us to do so. Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the customer, accounting data, payroll administration data, payslips and salary statements are transmitted unencrypted.
The following categories of recipients may receive personal data from us:
We conclude contracts with service providers who process personal data on our behalf, obliging them to guarantee data protection. Most of our service providers are located in Switzerland or in the EU/EEA. In exceptional cases, certain personal data may be transferred to other countries worldwide. If it is necessary to transfer data to other countries that do not have an adequate level of data protection, this is done based on the EU standard contractual clauses.

7. Duration of the storage of personal data

We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so, or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system protocols, logs).

8. Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

9. Obligation to provide personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will not be able to enter into or perform a contract with you (or the entity or person you represent). The website can also not be used if certain information to secure data traffic (such as IP address) is not disclosed.

10. Your rights

You have the following rights in connection with our processing of personal data:
To assert these rights, please contact us at the address given in section 1. Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.

11. Changes to the privacy policy

We expressly reserve the right to amend this privacy policy at any time. Last change: November 2023