1. Data controller
The controller responsible for the processing of your personal data is:
6340 Baar
Switzerland
Phone: +41 41 760 70 70
E-mail: privacy@tsmsag.ch
Website: TSMSAG.ch
2. Scope and legal framework
This Privacy Policy applies to all personal data we process in connection with our website tsmsag.ch, our communication with prospects and clients, and the delivery of our services.
We process personal data in accordance with:
- the Swiss Federal Act on Data Protection (revFADP) and its Ordinance (FADPO);
- the EU General Data Protection Regulation (GDPR) where it applies; and
- any other applicable sectoral or jurisdictional requirements.
3. Data we collect
Depending on how you interact with us, we may process the following categories of personal data:
- Identification & contact data — name, company, role, email, phone, postal address.
- Communication data — messages you send us via the contact form, email or phone, including attachments.
- Onboarding & KYC data (where you become a client) — identity documents, beneficial ownership information, source of funds/wealth, business activity, regulatory status.
- Transactional & banking data — information about banking relationships we help you establish or maintain, on a strictly need-to-know basis.
- Technical data — IP address (truncated where possible), browser type, device type, referring URL, pages visited, approximate location, timestamps.
- Marketing data — preferences and interactions, where you have opted in to receive communications.
We do not knowingly collect special categories of personal data (e.g. health, political opinions) unless this is strictly necessary for KYC and you have provided it to us.
4. Purposes and legal bases
We process personal data for the following purposes, on the legal bases listed below:
| Purpose | Legal basis (GDPR · FADP) |
|---|---|
| Responding to enquiries and pre-contractual requests | Performance of a contract / pre-contractual measures (Art. 6(1)(b) GDPR · Art. 31(2)(a) FADP) |
| Providing our services and managing the client relationship | Performance of a contract |
| Identity verification (KYC), AML and sanctions screening | Legal obligation / legitimate interest in preventing financial crime (Art. 6(1)(c) & (f) GDPR) |
| Accounting, invoicing and statutory record-keeping | Legal obligation (Art. 6(1)(c) GDPR) |
| Website operation, security and abuse prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
| Analytics and improvement of our website | Consent (Art. 6(1)(a) GDPR) — see Cookies below |
| Direct marketing (newsletter, updates) | Consent / legitimate interest with right to object |
5. Cookies and analytics
Our website uses cookies and similar technologies for two purposes:
- Strictly necessary — required to deliver the site and remember basic preferences. These do not require your consent.
- Analytics — we use Google Analytics 4 (provided by Google Ireland Limited / Google LLC) to understand how visitors use our site. Analytics cookies are only set with your prior consent and IP addresses are anonymised where possible.
You can withdraw consent at any time via the cookie banner or by clearing cookies in your browser. You can also install the official Google Analytics opt-out browser add-on.
6. Sharing and recipients
We share personal data only when necessary and only with carefully selected recipients, including:
- banks, EMIs, payment providers and other financial counterparties involved in delivering a service you have requested;
- professional advisors (legal, tax, audit) bound by confidentiality;
- IT, hosting, email and analytics service providers acting as processors under written agreements;
- competent authorities, courts or regulators where we are legally required to disclose.
We never sell personal data.
7. International transfers
Because we operate internationally, some recipients may be located outside Switzerland or the European Economic Area. When this happens, we ensure that an adequate level of protection is in place through:
- transfers to countries recognised as providing adequate protection by the Swiss Federal Council and/or the European Commission;
- the EU Standard Contractual Clauses (with the Swiss addendum where required); or
- any other lawful safeguard, including your explicit informed consent.
8. Retention
We keep personal data only for as long as necessary for the purposes set out above, including:
- enquiry data: up to 24 months from last contact;
- client and KYC files: at least 10 years after the end of the relationship, in line with Swiss AML and bookkeeping obligations;
- accounting records: 10 years as required by the Swiss Code of Obligations;
- marketing data: until you withdraw consent or object.
9. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction — including encryption in transit, access controls, least-privilege principles, regular reviews and staff training. No system is fully impervious, but we work hard to keep yours safe.
10. Your rights
Subject to applicable law, you have the right to:
- request access to your personal data and a copy of it;
- request rectification of inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten");
- request restriction of processing or object to it;
- request data portability where applicable;
- withdraw consent at any time, without affecting the lawfulness of past processing;
- lodge a complaint with a supervisory authority — in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch); in the EU, your local data protection authority.
To exercise any of these rights, contact us at privacy@tsmsag.ch. We may need to verify your identity before responding.
11. Children
Our services are aimed at businesses and professionals. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us so we can remove it.
12. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The version date at the top of this page indicates when it was last revised. Material changes will be communicated through our website or, where appropriate, directly to you.
13. Contact
For any privacy-related question or request, please contact us at: