Let's Talk

Privacy Policy

Privacy Policy of ASFOS

Version effective as of June 9th, 2025

This Privacy Policy (“Privacy Policy”) explains and sets out the basis for our collection of personal data when you visit our website, use our services, when you interact with us in relation to a contract, communicate with us or otherwise deal with us, how we use it, the conditions under which we may disclose it to others and the measures we take to keep it secure. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy policies, forms and other policies. We use the word «data» here interchangeably with “personal data”. The term “personal data” in this Privacy Policy shall mean any information that identifies or could reasonably be used to identify any person.

This Privacy Policy is used to inform users regarding our policies with the collection, use, and disclosure of personal data if anyone decides to use our website and services. If you choose to use our website, then you agree to the collection and use of information in relation with this Privacy Policy. The personal data that we collect is used for providing and improving the experience on our website. We will not use or share your information with anyone except as described in this Privacy Policy.

If you provide information to us about any person other than yourself, you must ensure that the data is accurate and that these people understand how their information will be used, that they have given their permission for you to disclose it to us and for you to allow us, and our service providers, to use it. You are welcome to provide them with a copy of this Privacy Policy.

This Privacy Notice is aligned with the Swiss Data Protection Act (“DPA”) and the EU General Data Protection Regulation (“GDPR”). However, the application of these laws depends on each individual case.

Who we are

The responsible person for processing your data under this Privacy Policy (“Controller”) unless we tell you otherwise in an individual case is:

ASFOS GmbH, Limmatquai 4, 8001 Zurich, Switzerland (“ASFOS”)

You may contact us regarding data protection matters and exercise your rights at info@asfos.com.

What kind of data we process about you and why

We process the following data about you for the purposes outlined below:

Data collection on our website

For a better experience while using our website, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and postal address. The information that we collect will be used to contact or identify you.

We primarily process personal data that we obtain from our clients and other business partners as well as other individuals in the context of our business relationships with them or that we collect from users when operating our websites, apps and other applications. Insofar as it is permitted to us, we obtain certain personal data from publicly accessible sources (e.g., debt registers, land registries, commercial registers, press, internet) or we may receive such information from affiliated companies of ASFOS, from authorities or other third parties (such as e.g., credit rating agencies). Apart from data you provided to us directly, the categories of data we receive about you from third parties include, but are not limited to, information from public

registers, data received in connection with administrative or court proceedings, information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts), information about you in correspondence and discussions with third parties, credit rating information (if we conduct business activities with you personally), information about you given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. references, your delivery address, powers of attorney), information regarding legal regulations such as anti money laundering and export restrictions, bank details, information regarding insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g., payments made, previous purchases), information about you found in the media or internet (insofar as indicated in the specific case, e.g. in connection with job applications, media reviews, marketing/sales, etc.), your address and any interests and other sociodemographic data (for marketing purposes), data in connection with your use of our websites (e.g., IP address, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localization data).

Communication and contact forms, etc.

When you contact us by email, telephone, chat, letter or other means of communication, we collect the data exchanged between you and us for the purposes of communicating with you and provide our services to you, in particular to respond to your enquiries. By providing us with this information, you acknowledge that we use your personal information in accordance with this Privacy Policy.

Newsletter

If you subscribe to our newsletter, we process the information provided by you (e.g. contact details) in order to provide you with our newsletter. You may cancel your subscription at any time by using the option to unsubscribe contained in the newsletter or by sending us an email to the address mentioned above.

Cookies / Tracking and Other Techniques Regarding the Use of our Website

We typically use “cookies” and similar techniques on our websites, which allow for the identification of your browser or device. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit our website. If you revisit our website, we may recognise you, even if we do not know your identity. Besides cookies that are only used during a session and deleted after your visit to the website (“session cookies”), we may use cookies to save user configurations and other information for a certain time period (e.g., two years) (“permanent cookies”). Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Most browsers are preset to accept cookies. We use permanent cookies for the purpose of saving user configuration (e.g., language, automated log in), and to understand how you use our services and content, and to enable to show you customized offers and advertisement (which may also happen on websites of other companies; should your identity be known to us, such companies will not learn your identity from us; they will only know that the same user is visiting their website has previously visited a certain website). Certain cookies are sent to you from us, others from business partners with which we collaborate. If you block cookies, it is possible that certain functions (such as, e.g., language settings, shopping basket, ordering processes) are no longer available to you.

In accordance with applicable law, we may include visible and invisible image files in our newsletters and other marketing emails. If such image files are retrieved from our servers, we can determine whether and when you have opened the email, so that we can measure and better understand how you use our offers and customize them. You may disable this in your email program, which will usually be a default setting.

By using our websites and consenting to the receipt of newsletters and other marketing emails you agree to our use of such techniques. If you object, you must configure your browser or email program accordingly, should the respective setting not be available.

If Google Analytics or other statistics providers are used, which do not transfer any personal data (such as e.g. email addresses):

We may use Google Analytics or similar services on our website. These are services provided by third parties, which may be located in any country worldwide (in the case of Google Analytics Google Ireland Ltd. (located in Ireland), Google Ireland relies on Google LLC (located in the United States) as its subprocessor (both «Google»), www.google.com) and which allow us to measure and evaluate the use of our website (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the respective website (but not any personal information of you).

Links to third party offerings

Our website may contain third-party offerings. Please note that when you use such link, your data such as IP address, personal browser settings etc., are transmitted to these third parties. We have no control over, do not review and cannot be responsible for these third-party websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these third-party websites or their content, or to any collection of your data after you click on links to such third-party websites. We encourage you to read the privacy policies of every website you visit. Any links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.

Plugins and our presence on third party platforms

We do not use plugins on our website. If our website contains icons from other third-party providers (e.g. Twitter, linkedIn, Telegram, Google), we only use these for passive linking to the pages of the respective providers.

Please find further information on the purpose and scope of data collection and processing by the third-party providers in their respective privacy policies. This also applies with regards to our own presence on third party platforms (e.g. LinkedIn or YouTube).

Providing Services and performance of a contract

We process your data (e.g. your contact data and further information provided by you, data on the services provided to you) for entering into a contract with you, perform and administer it and to provide our services to you.

Services improvement and innovation

We process your data for marketing and business activities in relation to our services.

Safety or security reasons

We process your data to protect our IT and other infrastructure. For example, we process data for monitoring, analysis and testing of our networks and IT infrastructures including access controls.

Compliance with law and legal procedures

We process your data to comply with legal requirements, e.g., money laundering and terrorist financing, tax obligations etc. and we might have to request further information from you to comply with such requirements («Know Your Customer», “KYC”) or as otherwise required by

law and legal authorities. Furthermore, we may process your data for the enforcement of legal claims and for the defense in legal disputes and official proceedings.

Risk management, corporate governance and business development

We process your data as part of our risk management and corporate government to protect us from criminal or abusive activity. As part of our business development, we might sell businesses, parts of businesses or companies to others or acquire them from others or inter into partnerships and this might result in the exchange and processing of data based on your consent, if necessary.

Children’s Privacy

Our website does not address anyone under the age of 18. We do not knowingly collect personal identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take the necessary action.

Profiling

We may partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). Profiling allows us to inform and advise you about services possibly relevant to you more accurately. For this purpose, we may use evaluation tools that enable us to communicate with you and advertise you as required, including market and opinion research.

Legal basis for the processing of your data

Where we asked for your consent, we process your data based on such consent. Where we did not ask for your consent and where required under applicable law, we process your data on other legal grounds, such as

  • a contractual obligation
  • a legal obligation
  • a vital interest of the data subject or of another natural person
  • to perform a public task
  • our legitimate

To whom do we transfer your data?

As part of our data processing, we may share your personal data with third parties, in particular to the following categories of recipients:

– Service providers

We may share your information with service providers and business partners around the world with whom we collaborate to fulfil the above purposes (e.g. IT provider, shipping companies, advertising service provider, security companies, banks, insurance companies, telecommunication companies, credit information agencies, address verification provider, lawyers) or who we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.

– Legal authorities

We may pass on personal data to offices, courts and other authorities in Switzerland or abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities are responsible for processing data about you that they receive from us.

– Contractual partners

In case required under the respective contract we share your data with other contractual partners. If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

Do we disclose your data abroad?

The data that we collect from you may be transferred to, processed and stored in, a country outside the European Economic Area (EEA) or Switzerland. In view of the EEA or Switzerland the law in some of those countries may not offer an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defense of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses, adjusted according to Swiss law, if applicable and required.

How long do we keep your data?

We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).

Security of your data

We take appropriate organizational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. However, we and your personal data can still become victims of cyber attacks, cyber crime, brute force, hacker attacks and further fraudulent and malicious activity including but not limited to viruses, forgeries, malfunctions and interruptions which is out of our control and responsibility. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your choices and your rights

To the extent provided for by applicable law, you may request information free of charge about the data processed relating to you, its origin and recipients and the purpose of the data processing. You may also have the right to correction, deletion, restriction or objection to processing, as well as to the transfer of the data to another controller. Furthermore, you can revoke your consent at any time with effect for the future.

In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in this Privacy Policy above. Please note that the foregoing rights are subject to legal restrictions and may interfere with or make impossible the provision of our services.

You have the right to lodge a complaint with a competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner “FDPIC” (Eidgenössischer Datenschutzund Öffentlichkeitsbeauftragten, “EDÖB”).

How you can update your information

The accuracy of your information is important to us. If you change your contact information, or any of the other information we hold is inaccurate or out of date, please email us to the email address mentioned above.

Amendments of this Privacy Policy

We may amend this Privacy Policy at any time without prior notice. The current version published on our website shall apply (www.asfos.com)

Where material changes are made, we will inform you through appropriate channels (e.g., website banner, email notification). The updated version will be published on our website.