Last updated: June 30, 2026
INTRODUCTION
The relationship with the user is governed by the Swiss Federal Act on Data Protection (FADP) of September 25, 2020. More favorable rights provided under the user’s national law remain unaffected. In particular, for users located in a European Union country, the rights provided under Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR) apply. Users residing outside Switzerland are informed that Switzerland obtained an adequacy decision from the European Commission on January 15, 2024. The transfer of personal data to Switzerland may therefore be carried out without the need to obtain authorization from the competent privacy Authority.
This Site is not directed at minors under the age of 16, and the Data Controller does not knowingly collect personal data from minors.
Data Controller
Sotefin SA
VAT CHE-115.486.008
Via Gaggiolo 27, CH-6855 Stabio, Switzerland
Email: info@sotefin.ch
Phone: +41 91 950 88 41
Website to which this privacy policy refers: https://www.sotefin.com/ (the “Site”).
The Data Controller has not appointed a DPO (Data Protection Officer). You may therefore send any information request directly to the Data Controller at the contact details above.
GENERAL INFORMATION
This document describes how the Data Controller processes your personal data provided through the Site.
The main processing activities involving your personal data are described below, including the legal basis for processing, whether providing the data is mandatory, and the consequences of not providing personal data. To best describe your rights, where necessary, we have specified if and when a particular type of data processing is not carried out.
Registration on the Site
The Site does not offer a registration option. Therefore, the Data Controller does not process your personal data for this purpose.
Purchases on the Site
It is not possible to make purchases on the Site. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data to send “reminder” emails for the purchase of its own products and/or services.
Responding to Your Requests
Your data will be processed in order to respond to your requests for information sent via the contact form or by email. The categories of data collected are: first name, last name, email address, phone number (if provided), and the content of the message sent. Providing this data is optional, but your refusal will make it impossible for the Data Controller to respond to your questions. The legal basis for processing is the Data Controller’s legitimate interest in following up on user requests (Art. 6.1.f GDPR), equivalent to the user’s interest in receiving a response to communications sent to the Data Controller.
General Marketing and Online Advertising
The Data Controller will not send you advertising material and/or newsletters relating to its own products or those of third parties by email, except with your explicit consent.
The Site does, however, use third-party services, such as Google Ads and Google Analytics, to analyze traffic and personalize online advertisements. These services involve the collection of personal data and the use of cookies. The legal basis for this processing is your consent (Art. 6.1.a GDPR; Art. 31 FADP), requested via the dedicated banner upon first access to the Site. You may withdraw your consent at any time by changing your cookie preferences. Further details are available in the Site’s Cookie Policy.
Profiling
The Data Controller does not carry out “profiling” using your personal data for the purpose of sending advertising material and/or newsletters tailored to your specific interests.
Data Sale/Transfer to Third Parties
The Data Controller does not sell or transfer your personal data to third parties as independent data controllers.
Geolocation
The Site does not implement tools for geolocating the user’s IP address, except for approximate location data that may be collected by Google Analytics for statistical purposes, as described in the Cookie Policy.
Curriculum Vitae
It is not possible to submit a curriculum vitae through the Site. Therefore, your data will not be processed for this purpose.
Appointment Booking
No third-party appointment booking systems with the Data Controller are active on the Site. Therefore, your data will not be processed for this purpose. In any case, you may always contact the Data Controller using the contact details indicated in the Introduction.
Photographs and Videos
The Data Controller does not request the publication of photographs and/or videos depicting you. Therefore, your data will not be processed for these purposes.
Web Scraping
The use of any automated process or system to access, acquire, copy, or monitor any part of our website, including but not limited to web scraping, crawling, or spidering techniques, is expressly prohibited. The Data Controller reserves the right to take all necessary measures, including legal action, to prevent and prosecute any unauthorized scraping activity. By using the Site, the user or any third party agrees not to: (i) use automated systems, such as bots, scrapers, or spiders, to access or interact with the Site; (ii) collect content, data, or other information present on the Site without explicit written authorization; (iii) distribute, display, publish, or otherwise use content acquired through scraping techniques without consent. Any violation of this clause will be considered a material breach of the Site’s terms of use and will result in appropriate measures, including the possible suspension of access to the Site and the initiation of legal action to protect the Data Controller’s interests.
Disclosure of Personal Data
In the course of its ordinary business, the Data Controller may disclose your personal data to certain categories of recipients. In Article 2 you can find the list of parties to whom the Data Controller discloses your personal data.
The “disclosure” of personal data to third parties differs from “sale/transfer” (governed by the preceding point). In disclosure, the third party to whom the data is transmitted may only use it for the specific purposes described in the relationship with the Data Controller. In a sale/transfer, however, the third party becomes an independent Data Controller of the personal data. Furthermore, your consent is always required to transfer your personal data to third parties as independent controllers.
Without prejudice to the foregoing, the Data Controller may still use your personal data to properly comply with obligations under applicable law.
SPECIFIC PRIVACY INFORMATION
Art. 1 Processing Methods and Security Measures
1.1 The processing of your personal data will mainly be carried out using electronic or otherwise automated means, in accordance with methods and tools suitable for ensuring the security and confidentiality of personal data.
1.2 The information collected and the processing methods will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure IT environments, through technical and organizational measures such as, by way of example: access restricted to authorized personnel only, secure connections (HTTPS/SSL), regular system updates, and regular backups.
1.3 No “special category data” is processed through the Site (data that may reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, health status, and sexual life).
1.4 No judicial data is processed through the Site.
Art. 2 Disclosure of Personal Data
The Data Controller may disclose your personal data to specific categories of recipients. Below is the list of parties to whom the Data Controller reserves the right to disclose your data:
- Parties (including Public Authorities) that have access to personal data under regulatory or administrative provisions.
- Public and/or private parties, natural and/or legal persons (legal, administrative and tax consultancy firms, Courts, Chambers of Commerce, Labor Offices, etc.), where disclosure is necessary or functional to the proper fulfillment of legal obligations.
- Employees and/or collaborators of any kind of the Data Controller, for the proper functioning of the Site.
- Companies, consultants, or professionals responsible for the installation, maintenance, updating, and general management of the Data Controller’s hardware and software, limited to these purposes.
- Web analytics and online advertising service providers (e.g. Google Ads, Google Analytics), within the limits of the consent given.
The Data Controller does not use CRM platforms for sending automated communications, nor external companies for customer care services, nor banking institutions or payment processing services, nor couriers or shipping companies (since purchases are not possible on the Site).
The Data Controller reserves the right to modify the list above based on its ordinary operations. You are therefore invited to regularly check this policy to verify which parties the Data Controller discloses your personal data to.
Art. 3 Data Retention
3.1 Your personal data will be retained only for the time necessary to ensure the proper provision of the services offered through the Site.
- For customer care/request-response purposes, data will be deleted once the assistance service is completed and, in any case, within a maximum of 3 months from the last email exchange with the data subject.
- Data collected through analytics/advertising cookies is retained according to the timeframes indicated in the Site’s Cookie Policy.
3.2 Without prejudice to Article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as amended from time to time.
Art. 4 Transfer of Personal Data
4.1 The Data Controller is based in a country with an adequate level of regulatory security.
- Your personal data may be transferred to the USA via service providers (e.g. Google) based on transfer mechanisms recognized under applicable law (standard contractual clauses and/or relevant adequacy decisions).
- The transfer of your personal data may take place to Switzerland. This transfer is covered by the European Commission’s decision of January 15, 2024, which found that Switzerland ensures an adequate level of protection for personal data transferred from the European Union.
4.2 Without prejudice to Article 4.1, your data may in the future also be transferred to non-EU/non-Swiss countries for which no adequacy decision exists; in such cases, the Data Controller will adopt appropriate safeguards in compliance with applicable law (e.g. standard contractual clauses). You are invited to regularly review this Article 4.2 for any updates.
4.3 At the user’s request, the Data Controller will apply to the processing of personal data any more favorable provisions under the user’s national legislation, where applicable.
Art. 5 Data Subject Rights
The Data Controller informs you that you have the right to:
- request access to your personal data from the Data Controller, as well as rectification or erasure thereof, or restriction of the processing concerning you, or to object to its processing, in addition to the right to data portability;
- withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal;
- lodge a complaint with a competent supervisory authority.
The rights listed above may be exercised by submitting an informal request to the contact details indicated in the Introduction.
For users residing in Switzerland, the competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch.
For users residing in the European Union, the competent supervisory authority is that of the Member State of habitual residence, place of work, or the place where the alleged infringement occurred (for example, for Italy, the Garante per la Protezione dei Dati Personali, www.garanteprivacy.it).
Art. 6 Amendments and Miscellaneous
The Data Controller reserves the right to make changes to this policy at any time, giving appropriate notice to Site users by updating the date at the bottom of this document, and ensuring in all cases adequate and equivalent protection of personal data. To view any changes, you are invited to regularly consult this policy. In the event of material changes to this privacy policy, the Data Controller may also notify users via email.