Privacy policy
As a company based in Switzerland, CapFinance Sàrl is subject to the Swiss Federal Data Protection Law. In any case, we remain committed to respecting our contractual obligations in terms of confidentiality, as stipulated in our general terms and conditions.
As we do not deliberately target European residents in connection with the provision of our services within the meaning of art. 3.2 RGPD, we do not believe that we are subject to the RGPD in the context of our activities.
This English version is a translation of the official French version.
Version: May 2024
Data protection statement
This data protection declaration describes how we handle personal data, in particular which personal data we collect and for what purposes. It also governs the transfer of data, the retention period, and your rights.
1. Who we are
CapFinance Sàrl provides consultancy and expertise services in areas related to financial management. Our range of services includes support and execution of mandates such as:
- Financial consolidation
- Part-time or interim financial management
- Delegation of resources
- Strategic and operational controlling
- Mergers and acquisitions, business plans, company valuations and due diligences
- Internal control
- Cost optimization and organization
2. Definitions and objectives of data collection and processing
2.1 Definitions
Personal data (hereinafter also referred to as data): all information concerning an identified or identifiable private individual.
Sensitive data: sensitive data relating, among other things, to health, religion, social welfare, debt collection or bankruptcy.
Data processing includes any operation relating to personal data, whatever the means and procedures used, particularly the collection, storage, use, modification, communication, archiving or destruction of data.
2.2 Purpose of collecting and processing personal data
We collect and process personal data to perform our professional duties, in accordance with legal and contractual provisions.
The collection, processing and use of personal data are subject to the legal provisions in force in Switzerland, which came into force in September 2023.
Personal data is collected in a transparent manner in accordance with the principles of proportionality and purpose.
Data is processed only to the extent and for the duration necessary to fulfill our tasks and obligations. We process personal data that is necessary to ensure the continuity, security and reliability of our service offering. This includes in particular the following purposes:
- Management and administration of contractual relations with our customers and their employees
- Management and administration of contractual relations with our suppliers
- Management of our contact list for corporate communications
- Web site management
- Ensuring safety, complying with legal obligations and exercising claims
3. What personnel data do we process?
3.1 Contacts list and general data
Depending on the purpose of the data processing, the type of customer and the service areas, we collect different categories of personal data, including, in certain circumstances, sensitive data.
For all contacts, interlocutors, contractual partners and customers, we process at least the following personal data:
- Surname, first name, e-mail address and, if applicable, address, telephone number, job title, profession, employer information
- Electronic and postal mails
In addition, depending on the purpose of the data processing, the customer segment and the service area, we collect and process further data as described in the following paragraphs.
3.2 Specific data
For the management and administration of our mandates and for communication with our customers, we process the following personal data:
- Contact data and general basic data as per paragraph 3.1;
- For the companies :
- Articles of association, extracts from the trade register, land register and debt enforcement office
- Information about the management and control of the company: data on individuals and members of the management team involved in the company: surname, first name, year of birth, nationality, job title, percentage of voting rights, information about their activity in the company
- Information on the employment of persons in managerial positions with third-party companies and, where applicable, surname, first name, company, sector of activity, job title and working hours (other mandates)
- Where applicable, details of companies and foundations holding a stake in the company: company name, registered headquarter, area of business, percentage of ownership, etc.
- Minutes of General meetings and Board meetings
- For holding companies, organizational chart with ownership interests in participations and affiliated companies
- Information on headcount and payroll: number of employees, working hours, job, salaries and social charges, length of service
- Banking information, access to company bank accounts
- Financial and tax information
- Minutes of meetings held as part of the working relationship with our customers
- Copies of contracts signed by our customers with third parties (customers contracts, suppliers’ contracts, commercial leases, insurance, etc.)
- For companies for which we manage the payroll, in addition to the data collected above, we collect the personal data of their employees:
- General basic data as per paragraph 3.1 and additional information: date of birth, gender, nationality, AVS number
- Data on social insurance and pension plans
- Information about marital status and children (date of birth, sex, education/school)
- Job title
- Employment contracts and amendments, salary and profit-sharing and options schemes
- Curriculum vitae
- Diploma
- Sickness and accident certificates
- Timesheets and holiday balances
- Bank account details
- For employees taxed at source (in addition to the data listed above): confession, residence permit, information about other professional activities
- If applicable, extract from the Register of debt collection Office
This data is processed for the purposes of providing the services as per our contractual agreements. It mainly concerns data relating to our customers. However, it may also concern third parties, such as employees, contact persons or persons who have a (contractual) relationship with our customers. Our customers may therefore also refer to this data protection declaration, but they themselves must take steps to comply with the Data Protection Law.
Data is processed for the purposes of managing and administrate our mandates, checking solvency, preventing conflicts of interest and quality control. It also meets legal and contractual requirements.
As a rule, data is communicated and made available directly by customers. However, depending on the nature and scope of the mandate, it may also come from authorities, courts or third parties. In certain circumstances, data may also be collected directly from the employer of the persons concerned.
3.3 Data for our newsletters and year-end greetings
We process the following personal data for the purposes of sending our newsletters and year-end greetings (e-mails and letters/cards in paper format):
- Contact details and general basic data in accordance with paragraph 3.1.
This data is necessary for the provision of communication and the management of our customer base.
You can ask us to remove your details from our contact list at any time by sending an email to info@capfinance.ch.
3.4 Data relating to direct communication (telephone, e-mail and videoconferences)
When we initiate them, the videoconferences we organize are carried out using Microsoft Teams. We do not record videoconferences, unless all participants agree and wish to do so.
For direct communication by telephone and e-mail, we may process the following personal data:
- Contact details and general basic data in accordance with paragraph 3.1.
- Other personal data contained in the e-mail
We process this personal data in order to provide and improve our services to our customers.
3.5 Data relating to CapFinance employees
The processing of data required for CapFinance Sàrl personnel management is specified in internal company documents.
As far as recruitment is concerned, applications that do not lead to a hiring are destroyed at the end of the application procedure.
3.6 Suppliers and other contractual partners
We process the following personal data from business partners who provide services or make deliveries on our behalf:
- Contact details and general basic data in accordance with paragraph 3.1.
- Bank account details
- Information available in the contract (such as details of the employees in charge, advisors, information on the service provided, etc.).
We process this data in the performance of a contract and in accordance with the statutory retention periods under commercial and tax law. If our contractual partners have access to our personal data as part of the performance of their duties (IT companies), we enter into a corresponding sub-contracting agreement with them.
3.7 Operation, improvement and control of the website and other electronic channels
3.7.1 Server log files
Our website can be used without the need to disclose extensive personal data. However, the server collects information about the user on each visit. This information is temporarily stored in the server log files. However, it is not possible to attribute this information to a specific person. The log files contain the following information :
- The date, time of access and data quantity
- The browser used and the operating system
- The supplier’s domain name
- The page from which you arrived on our site (referred-url)
- The search request
- IP address
The collection of this data is technically necessary: it serves to ensure the stability and security of the website and is used to analyze the use of the website and improve it. It also enables us to carry out precise checks in the event of suspected illegal use of our website.
3.7.2 Cookies
What are cookies?
This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to manage the cookie settings.
Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.
How do we use cookies?
As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
Types of Cookies we use
Manage cookie preferences
Cookies parameters
You can change your cookie preferences any time by clicking the link “Cookie Settings”. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.
Chrome: https://support.google.com/accounts/answer/32050
Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US
Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
If you are using any other web browser, please visit your browser’s official support documents.
3.8 Ensuring safety, complying with legal obligations and asserting claims
We may process the aforementioned personal data in order to guarantee security and enforce your rights, if necessary, and, to this end, pass it on to third parties such as tribunals or offices.
4. Data input, conservation period, security measures
4.1 Data input
As a rule, we obtain the personal data referred to in paragraph 3 directly from our customers, from the moment they receive one of our services.
However, in the case of mandates, the data may also come from authorities, courts or third parties, depending on the nature and scope of the mandate.
We also use information available to the public (in the media and on the Internet) or via our business network, insofar as this is appropriate in a specific case (for example, in connection with a job application, when taking up references).
4.2 Conservation period
We retain personal data for as long as it is necessary for the purposes for which it was collected, for the statutory or contractual retention periods, and for as long as we have an overriding interest in retaining it. The data is then deleted.
4.3 Data security
We take appropriate technical and organisational security measures to protect personal data against unauthorised access and misuse. These measures include IT and network security solutions, access restrictions, encryption of data carriers and their transmission, instructions, training, and controls.
Data is stored in the applications and software we use. Data is stored on servers located in Switzerland and the European Union.
If third parties have access to our data, special measures are taken, which are governed by the outsourcing contract (see section 7).
5. Data transmission and transfer
We may pass on personal data to third parties if you have given your consent, if this is necessary to provide the service concerned, fulfil the purpose of the contract or protect our legitimate interests, or if we are required to do so by law.
The following categories of recipients may receive personal data from us :
- Service providers (IT service companies, hosting providers, consultants, lawyers, insurance companies).
- Third parties within the framework of our legal or contractual obligations, authorities (in particular audit supervisory authorities or tax authorities), government institutions, tribunals.
The third parties we appoint are contractually bound to respect data protection and to process data only for the purposes we have indicated to them.
Our service providers are located in Switzerland or the European Union. If it is necessary to transfer data to a country that does not have a high level of data protection, this will be done based on standard contractual clauses or other appropriate guarantees.
6. Your rights
Any person may request information on the data processed concerning him or her, as well as on the origin, recipient and purpose of the data collection and processing. In addition, you have the right to request the rectification, blocking, deletion, or transfer of your data.
Data retained by virtue of legal provisions or necessary for business management purposes must not be deleted. If the data is not affected by a legal archiving obligation or our overriding interest in retention, we will delete your data at your request. If the archiving obligation applies, we will block your data.
You may also assert your rights before the courts or file a complaint with the relevant data protection authority.
7. Final provisions
7.1 Responsible entity and contact
We are responsible for data processing in accordance with this data protection declaration, unless otherwise stipulated.
The data protection officers are CapFinance’s partners: Mr Nour Avrany, Ms Anouck Ansermoz and Ms Isabelle Guyon.
General enquiries about data protection can be sent by post to CapFinance Sàrl, avenue de Florimont 3, 1006 Lausanne.
For questions concerning an individual, requests for rectification or a request for deletion, a copy of the identity card or passport identifying the person must also be enclosed.
7.2 Changes to the data protection declaration
We may amend our data protection declaration at any time by publishing it on the website. This data protection declaration was last updated on May 18, 2024.